b'The NRC OIG Hotline\nThe Hotline Program provides NRC employees, other Government employees, licensee/utility\nemployees, contractors, and the public with a confidential means of reporting suspicious\nactivity concerning fraud, waste, abuse, and employee or management misconduct.\nMismanagement of agency programs or danger to public health and safety may also be\nreported. We do not attempt to identify persons contacting the Hotline.                     Office of the Inspector General\nWhat should be reported:\n\xe2\x80\xa2 Contract and Procurement Irregularities    \xe2\x80\xa2 Abuse of Authority\n                                                                                            Semiannual Report\n\xe2\x80\xa2 Conflicts of Interest\n\xe2\x80\xa2 Theft and Misuse of Property\n\xe2\x80\xa2 Travel Fraud\n                                             \xe2\x80\xa2 Misuse of Government Credit Card\n                                             \xe2\x80\xa2 Time and Attendance Abuse\n                                             \xe2\x80\xa2 Misuse of Information Technology Resources\n                                                                                            to Congress\n\xe2\x80\xa2 Misconduct                                 \xe2\x80\xa2 Program Mismanagement                        April 1, 2013\xe2\x80\x93September 30, 2013\n\nWays To Contact the OIG\n                               Call:\n                               OIG Hotline\n                               1-800-233-3497\n                               TDD: 1-800-270-2787\n                               7:00 a.m. \xe2\x80\x93 4:00 p.m. (EST)\n                               After hours, please leave a message.\n\n\n                               Submit:\n                               Online Form\n                               www.nrc.gov\n                               Click on Inspector General\n                               Click on OIG Hotline\n\n\n\n                               Write:\n                               U.S. Nuclear Regulatory Commission\n                               Office of the Inspector General\n                               Hotline Program, MS O5 E13\n                               11555 Rockville Pike\n                               Rockville, MD 20852-2738\n\n\nNUREG-1415, Vol. 27, No. 1\nOctober 2013\n\x0cOIG VISION                                                           OIG STRATEGIC GOALS\n\xe2\x80\x9cWe are agents of positive change striving for continuous            1. S\n                                                                        \x07 trengthen NRC\xe2\x80\x99s efforts to protect public health and safety\nimprovement in our agency\xe2\x80\x99s management and program operations.\xe2\x80\x9d         and the environment.\n                                                                     2. E\x07 nhance NRC\xe2\x80\x99s efforts to increase security in response to an\n                                                                        evolving threat environment.\nOIG MISSION\n                                                                     3. I\x07 ncrease the economy, efficiency, and effectiveness with\nNRC OIG\xe2\x80\x99s mission is to (1) independently and objectively conduct       which NRC manages and exercises stewardship over its\nand supervise audits and investigations relating to NRC\xe2\x80\x99s programs      resources.\nand operations; (2) prevent and detect fraud, waste, and abuse;\nand (3) promote economy, efficiency, and effectiveness in NRC\xe2\x80\x99s\nprograms and operations.\n\n\n\n\nCover Photo:\n\nMcGuire Nuclear Station.\nPhoto coutesy of Duke Energy, LLC\n\x0cA Message From\nthe Inspector General\nI am pleased to present this Semiannual Report to Congress on the activities and\naccomplishments of the Nuclear Regulatory Commission (NRC) Office of the\nInspector General (OIG) from April 1, 2013, to September 30, 2013.\n\nOur work reflects the legislative mandate of the Inspector General Act, which is\nto identify and prevent fraud, waste, and abuse through the conduct of audits and investigations relating to\nNRC programs and operations. The audits and investigations highlighted in this report demonstrate our\ncommitment to ensuring integrity and efficiency in NRC\xe2\x80\x99s programs and operations.\n\nDuring this reporting period, we focused our efforts on agency programs and operations that are critical to\nthe success of the agency\xe2\x80\x99s core safety and security mission. Our work focused on areas such as compliance\nwith the regulations set forth in 10 CFR Part 51, adherence to the \xe2\x80\x9cReducing Over-Classification Act,\xe2\x80\x9d and\ncompliance with NRC access authorization policies. Our efforts in focusing on these areas are designed to\nassist the agency in making attentive, meaningful, and consistent programmatic and management decisions\nthat maximize efficiency and effectiveness.\n\nNRC\xe2\x80\x99s ability to effectively accomplish its safety and security mission is influenced by the effectiveness of its\ncorporate management programs in areas such as information technology and financial resources. One of\nOIG\xe2\x80\x99s strategic goals is to increase the economy, efficiency, and effectiveness with which NRC manages and\nexercises stewardship over its resources. In this edition of the Semiannual Report, we highlighted our efforts\nin identifying and addressing the risks associated with the principal corporate management areas of the\nNRC, such as protecting Safeguards Information, preventing and detecting misuse in the travel charge card\nprogram, proper financial control over the budget execution process, and information technology readiness\nfor Three White Flint North.\n\nDuring this semiannual reporting period, we issued seven program audit reports. As a result of this work,\nOIG made a number of recommendations to improve the effective and efficient operation of NRC\xe2\x80\x99s safety,\nsecurity, and corporate management programs. OIG also opened 39 investigations, and completed 35 cases.\nSeven of the open cases were referred to the Department of Justice, and six allegations were referred to\nNRC management for action.\n\nThe NRC OIG remains committed to the integrity, efficiency, and effectiveness of NRC programs and\noperations, and our audits, investigations, and other activities highlighted in this report demonstrate\nthis ongoing commitment. OIG continuously strives to maintain the highest possible standards of\nprofessionalism and quality in their audits and investigations. I would like to acknowledge our auditors,\ninvestigators, and support staff for their superior work and ongoing commitment to the mission of this office.\n\nFinally, the success of the NRC OIG would not be possible without the collaborative efforts between my\nstaff and those of the agency to address OIG findings and to implement recommended corrective actions\ntimely. I wish to thank them for their dedication and support, and I look forward to their continued\ncooperation as we work together to ensure the integrity and efficiency of agency operations.\n\n\n\n\nHubert T. Bell\nInspector General\n\n\n\n                                                                         April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 i\n\x0c                                        Virgil C. Summer nuclear power station. Photo courtesy of South Carolina Electic & Gas Company\n\nii \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cContents\nHighlights  .               .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . v\n\n\tAudits  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . v\n\n\tInvestigations  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . vii\n\nOverview of NRC and OIG                                         .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 1\n\n\t     NRC\xe2\x80\x99s Mission .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 1\n\n\t     OIG History, Mission, and Goals .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  2\n\n\t\t          OIG History .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 2\n\n\t\t          OIG Mission and Goals  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 3\n\nOIG Programs and Activities  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 4\n\t     Audit Program  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 4\n\n\t     Investigative Program .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  5\n\n\t     Regulatory Review  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 6\n\n\t     Other OIG Activities  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  7\n\nManagement and Performance Challenges  .                                                          .  .  .  .  .  .  .  .  .  . 8\n\nAudits  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .           .  .  .  .  .  .  .  .  .  . 9\n\n\t     Audit Summaries  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  9\n\n\t     Audits in Progress .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 22\n\nInvestigations  .                 .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 29\n\n\t     Investigative Case Summaries .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 29\n\nSummary of OIG Accomplishments                                                     .  .  .  .  .  .  .  .  .  .  .  .  .  . 35\n\n\t     Investigative Statistics .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 35\n\n\t     Audit Listings .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 37\n\n\t     Audit Resolution Activities .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 39\n\nAbbreviations and Acronyms  .                                      .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 43\n\nReporting Requirements  .  .  .  .                                 .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 44\n\nAppendix  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .              .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 45\n\n\n\n                                                                                                        April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 iii\n\x0c                                                            Keewaunee nuclear power station. Photo courtesy of Dominion Power.\n\niv \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cHighlights\nThe following two sections highlight selected audits and investigations completed during this\nreporting period. More detailed summaries appear in subsequent sections of this report.\n\nAudits\n\xe2\x80\xa2\t The U.S. Nuclear Regulatory Commission (NRC) developed its Safeguards\n   Information Local Area Network and Electronic Safe (SLES) system to store\n   and manage electronic Safeguards Information (SGI) documents. SLES features\n   two distinct components: a secure wireless Local Area Network (LAN) and\n   an electronic safe (E-Safe) for SGI documents. The SGI LAN component\n   is a network with a secure architecture and is dedicated for use in SGI data\n   processing. The E-Safe component is a secure electronic data repository for SGI\n   records. E-Safe users are able to create, capture, search, and retrieve data from\n   this repository. The adoption of these various techniques into SGI operations\n   was intended to ensure that E-Safe will contain all SGI created or received by\n   NRC, thereby eliminating the need to maintain separate, individual collections\n   of SGI. The audit objective was to determine if SLES meets its operational\n   capabilities and applicable security controls.\n\n\xe2\x80\xa2\t NRC established its travel charge card program to facilitate employee travel in\n   support of the agency\xe2\x80\x99s mission. Specifically, the purpose for using Government\n   travel charge cards (referred to as travel cards) is to reduce the overall cost of travel\n   to the Federal Government through lower administrative costs and by taking\n   advantage of rebates offered by card vendors based on the volume of transactions\n   and on prompt payment of bills. The Federal Travel Regulation mandates the\n   use of travel cards for all official travel expenses unless specifically exempted.\n   Under the program, travel cards can be used to pay for expenses related to official\n   Government travel, such as lodging, meals, and rental cars. During fiscal year\n   (FY) 2011, approximately $16.8 million was charged for NRC travel under this\n   program. The audit objective was to assess the adequacy and effectiveness of\n   NRC\xe2\x80\x99s policies, procedures, and internal controls over the travel card program for\n   preventing and detecting travel charge card misuse and delinquencies.\n\n\xe2\x80\xa2\t The U.S. Government requires Federal agencies to establish an effective funds\n   control process to ensure funds are used only for the purpose set forth by\n   Congress and that expenditures do not exceed amounts authorized. The NRC\n   budget process consists of strategic planning, budget formulation, submission\n   of the agency\xe2\x80\x99s budget to the Office of Management and Budget and Congress,\n   approval of the budget by Congress, budget execution, and the reporting of\n   budget and performance results. The budget execution phase refers generally to\n   the time period during which the budget authority made through an appropriation\n   remains available for obligation by NRC. NRC\xe2\x80\x99s task during the budget execution\n   process is to spend appropriated funds to carry out its mission in accordance with\n   fiscal statutes. From FY 2008 through FY 2012, NRC\xe2\x80\x99s budget appropriation\n   ranged from $926.1 million to $1,066.9 million. The audit objectives were to\n   determine whether (1) NRC maintains proper financial control over appropriated\n\n\n\n                                                                            April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 v\n\x0c                          and apportioned funds to ensure compliance with applicable Federal laws, policies,\n                          and regulations and (2) opportunities exist to improve the budget execution\n                          process.\n\n                     \xe2\x80\xa2\t The NRC headquarters campus in Rockville, MD, comprises three buildings:\n                        One White Flint North, Two White Flint North, and the recently completed\n                        Three White Flint North (3WFN). NRC planned this new building to provide\n                        adequate office space for all headquarters employees on one centralized campus,\n                        replacing NRC offices located at four separate leased spaces in Montgomery\n                        County, MD. Prior to moving staff into 3WFN, NRC must ensure that the\n                        information technology (IT) infrastructure is in place to allow staff to be fully\n                        functional in the new facility. This includes ensuring that IT systems located at\n                        other NRC headquarters facilities are transported to 3WFN, installed, and tested\n                        so that employees have access to the systems needed to do their jobs. The audit\n                        objective was to evaluate NRC\xe2\x80\x99s IT readiness during the transition to 3WFN.\n\n                     \xe2\x80\xa2\t The National Environmental Policy Act of 1969 (NEPA) established a national\n                        policy to encourage productive and enjoyable harmony between man and his\n                        environment, promote efforts that will prevent or eliminate damage to the\n                        environment, and enrich the understanding of ecological systems and natural\n                        resources important to the United States. To implement NEPA, Federal\n                        agencies must undertake an assessment of the environmental effects of their\n                        proposed actions prior to making a decision. The two major purposes of the\n                        NEPA process are better informed decisions and citizen involvement. NEPA\n                        requires that Federal agencies prepare a detailed statement on the environmental\n                        impacts and effects, alternatives to the action, and irreversible commitments\n                        of resources involved in the action. This detailed statement is called an\n                        Environmental Impact Statement. NRC regulations to implement NEPA are\n                        found in Title 10, Code of Federal Regulations, Part 51 (10 CFR Part 51). The\n                        audit objective was to determine whether NRC complies with the regulations in\n                        10 CFR Part 51 relative to the preparation of environmental impact statements.\n\n                     \xe2\x80\xa2\t The Reducing Over-Classification Act states that over-classification of\n                        information interferes with information sharing, increases information security\n                        costs, and needlessly limits stakeholder and public access to information.\n                        Further, the act asserts that over-classification negatively affects dissemination of\n                        information within the Federal Government; with State, local, and tribal entities;\n                        and with the private sector. Lastly, the act states that Federal agencies that\n                        perform classification are responsible for promoting compliance with applicable\n                        laws, executive orders, and other authorities pertaining to classification. The\n                        audit objectives were to (1) assess whether applicable classification policies,\n                        procedures, rules, and regulations have been adopted, followed, and effectively\n                        administered within such department, agency, or component, and (2) identify\n                        policies, procedures, rules, regulations, or management practices that may be\n                        contributing to persistent misclassification of material within such department,\n                        agency, or component.\n\n\n\n\nvi \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0c\xe2\x80\xa2\t The objective of NRC\xe2\x80\x99s personnel security program is to provide assurance\n   that those with access to NRC facilities, classified information, sensitive NRC\n   information and equipment, nuclear power facilities, and special nuclear\n   material are reliable and trustworthy. NRC\xe2\x80\x99s Personnel Security Branch (PSB)\n   administers the personnel security program, granting or denying access to\n   classified information. Access authorization is an administrative determination\n   that an individual is eligible for a security clearance for access to Restricted Data\n   or National Security Information. Access authorization eligibility requires an\n   affirmative determination by PSB that the person in question is an acceptable\n   security risk. Maintaining access authorization requires periodic background\n   reinvestigations and adherence to security requirements. Additionally, individuals\n   are required to self-report information to PSB that might compromise\n   their continued eligibility for access to NRC facilities, material, or classified\n   information. The audit objective was to determine if NRC has processes in place\n   to ensure that NRC employees comply with personnel reporting responsibilities\n   for continued NRC access authorization eligibility.\n\n\n\n\nInvestigations\n\xe2\x80\xa2\t OIG completed an investigation based on a number of allegations in an anonymous\n   letter sent to Congress and the NRC Commission, alleging that an NRC Region\n   IV manager retaliated against regional staff for raising safety issues involving\n   inspection activities at the Fort Calhoun Station nuclear power plant, concerning\n   an onsite fire, and the adequacy of flood protection measures. It was further alleged\n   that Region IV has a chilled workplace environment that dissuades inspectors from\n   identifying safety issues that may be challenged by regional management.\n\n\xe2\x80\xa2\t OIG completed an investigation into a congressional concern that a Region III\n   staff member provided inaccurate and misleading information pertaining to a\n   pressure boundary leak in a pipe at FirstEnergy\xe2\x80\x99s Nuclear Power Station, Davis-\n   Besse, located in Oak Harbor, OH.\n\n\xe2\x80\xa2\t OIG completed an investigation into allegations that an NRC employee used their\n   Washington Metropolitan Area Transit Authority (Metro) Transit Subsidy Benefits\n   Program (TSBP) funds to pay for parking for the employee\xe2\x80\x99s privately owned\n   vehicle. An initial review of the employee\xe2\x80\x99s Metro Transit Subsidy SmarTrip\n   transaction history revealed there were several occasions where the employee paid\n   for parking without reimbursing the money received from the TSBP.\n\n\xe2\x80\xa2\t OIG completed an investigation into an anonymous allegation that an NRC\n   contractor was not providing information technology infrastructure services and\n   support mandated under its contract with NRC. According to the allegation, the\n   NRC contractor was not providing printers, supplies, and maintenance that NRC\n   desperately needed and was cutting costs by providing inexperienced personnel to\n   work on the contract.\n\n\n\n                                                                    April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 vii\n\x0c                      \xe2\x80\xa2\t OIG completed an investigation into an allegation that an unknown individual(s)\n                         sent a spear phishing e-mail to approximately 215 NRC e-mail accounts\n                         containing a link to harvest NRC network user ID and passwords (credentials).\n                         At least 12 NRC users were identified as having clicked on the link and accessing\n                         the Google Doc spreadsheet page.\n\n                      \xe2\x80\xa2\t OIG completed an investigation initiated by a letter from Congress.  The letter\n                         conveyed that a constituent, a former Small Business Administration (SBA) 8(a)\n                         business owner, alleged that NRC inappropriately awarded an SBA 8(a) contract\n                         that the alleger previously held to a different contractor to provide human\n                         resources support to NRC\xe2\x80\x99s Region I office.\n\n\n\n\nviii \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cOverview of NRC and OIG\nNRC\xe2\x80\x99s Mission\nNRC was formed in 1975, in accordance with the Energy Reorganization Act of\n1974, to regulate the various commercial and institutional uses of nuclear materials.\nThe agency succeeded the Atomic Energy Commission, which previously had\nresponsibility for both developing and regulating nuclear activities.\n\nNRC\xe2\x80\x99s mission is to regulate the Nation\xe2\x80\x99s civilian use of byproduct, source, and\nspecial nuclear materials to ensure adequate protection of public health and safety,\npromote the common defense and security, and protect the environment. NRC\xe2\x80\x99s\nregulatory mission covers three main areas:\n\n\xe2\x80\xa2\t R\n   \x07 eactors\xe2\x80\x94Commercial reactors that generate\n   electric power and research and test reactors used\n   for research, testing, and training.\n\n\xe2\x80\xa2\t \x07Materials\xe2\x80\x94Uses of nuclear materials in medical,\n    industrial, and academic settings and facilities that\n    produce nuclear fuel.\n\n\xe2\x80\xa2\t \x07Waste\xe2\x80\x94Transportation, storage, and disposal of\n    nuclear materials and waste, and decommissioning of\n    nuclear facilities from service.\n\nUnder its responsibility to protect public health and safety, NRC has three principal\nregulatory functions: (1) establish standards and regulations, (2) issue licenses for\nnuclear facilities and users of nuclear materials, and (3) inspect facilities and users\nof nuclear materials to ensure compliance with the requirements. These regulatory\nfunctions relate both to nuclear power plants and other uses of nuclear materials\xe2\x80\x94\nlike nuclear medicine programs at hospitals, academic activities at educational\ninstitutions, research, and such industrial applications as gauges and testing\nequipment.\n\nNRC maintains a current Web site and a public document room at its headquarters\nin Rockville, MD; holds public hearings and public meetings in local areas and at\nNRC offices; and engages in discussions with individuals and organizations.\n\n\t\n\n\n\n\n                                                                      April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 1\n\x0c                     OIG History, Mission, and Goals\n                     OIG History\n                     In the 1970s, Government scandals, oil shortages, and stories of corruption covered\n                     by newspapers, television, and radio stations took a toll on the American public\xe2\x80\x99s\n                     faith in its Government. The U.S. Congress knew it had to take action to restore\n                     the public\xe2\x80\x99s trust. It had to increase oversight of Federal programs and operations.\n                     It had to create a mechanism to evaluate the effectiveness of Government programs.\n                     And, it had to provide an independent voice for economy, efficiency, and effectiveness\n                     within the Federal Government that would earn and maintain the trust of the\n                     American people.\n\n                     In response, Congress passed the landmark legislation known as the Inspector\n                     General (IG) Act, which President Jimmy Carter signed into law in 1978. The IG\n                     Act created independent Inspectors General, who would protect the integrity of\n                     Government; improve program efficiency and effectiveness; prevent and detect\n                     fraud, waste, and abuse in Federal agencies; and keep agency heads, Congress, and\n                     the American people fully and currently informed of the findings of IG work.\n\n                     Today, the IG concept is a proven success. The IGs continue to deliver significant\n                     benefits to our Nation. Thanks to IG audits and investigations, billions of dollars\n                     have been returned to the Federal Government or have been better spent based\n                     on recommendations identified through those audits and investigations. IG\n                     investigations have also contributed to the prosecution of thousands of wrongdoers.\n                     In addition, the IG concepts of good governance, accountability, and monetary\n                     recovery encourage foreign governments to seek advice from IGs, with the goal of\n                     replicating the basic IG principles in their own governments.\n\n\n\n\n2 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cOIG Mission and Goals\nNRC\xe2\x80\x99s OIG was established as a statutory entity on April 15, 1989, in\naccordance with the 1988 amendment to the IG Act. NRC OIG\xe2\x80\x99s mission is\nto (1) independently and objectively conduct and supervise audits and investigations\nrelating to NRC programs and operations; (2) prevent and detect fraud, waste, and\nabuse; and (3) promote economy, efficiency, and effectiveness in NRC programs\nand operations.\n\nOIG is committed to ensuring the integrity of NRC programs and operations.\nDeveloping an effective planning strategy is a critical aspect of accomplishing this\ncommitment. Such planning ensures that audit and investigative resources are used\neffectively. To that end, OIG developed a Strategic Plan that includes the major\nchallenges and critical risk areas facing NRC.\n\nThe plan identifies OIG\xe2\x80\x99s priorities and establishes a shared set of expectations\nregarding the goals OIG expects to achieve and the strategies that will be employed\nto do so. OIG\xe2\x80\x99s Strategic Plan features three goals, which generally align with NRC\xe2\x80\x99s\nmission and goals:\n\n1.\t S\n    \x07 trengthen NRC\xe2\x80\x99s efforts to protect public health and safety and the\n    environment.\n\n2.\t E\n    \x07 nhance NRC\xe2\x80\x99s efforts to increase security in response to an evolving\n    threat environment.\n\n3.\t I\x07 ncrease the economy, efficiency, and effectiveness with which NRC\n     manages and exercises stewardship over its resources.\n\n\n\n\n                                                                    April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 3\n\x0cOIG Programs and Activities\n                     Audit Program\n                     The OIG Audit Program focuses on management and financial operations;\n                     economy or efficiency with which an organization, program, or function is\n                     managed; and whether the programs achieve intended results. OIG auditors\n                     assess the degree to which an organization complies with laws, regulations, and\n                     internal policies in carrying out programs, and they test program effectiveness as\n                     well as the accuracy and reliability of financial statements. The overall objective\n                     of an audit is to identify ways to enhance agency operations and promote greater\n                     economy and efficiency. Audits comprise four phases:\n\n                     \xe2\x80\xa2\t Survey\n                        \x07\x07     phase\xe2\x80\x94An initial phase of the audit process is used to gather\n                        information, without detailed verification, on the agency\xe2\x80\x99s organization,\n                        programs, activities, and functions. An assessment of vulnerable areas\n                        determines whether further review is needed.\n\n                     \xe2\x80\xa2\t V\n                        \x07 erification phase\xe2\x80\x94Detailed information is obtained to verify findings and\n                        support conclusions and recommendations.\n\n                     \xe2\x80\xa2\t R\n                        \x07 eporting phase\xe2\x80\x94The auditors present the information, findings,\n                        conclusions, and recommendations that are supported by the evidence\n                        gathered during the survey and verification phases. Exit conferences are held\n                        with management officials to obtain their views on issues in the draft audit\n                        report. Comments from the exit conferences are presented in the published\n                        audit report, as appropriate. Formal written comments are included in their\n                        entirety as an appendix in the published audit report.\n\n                     \xe2\x80\xa2\t R\n                        \x07 esolution phase\xe2\x80\x94Positive change results from the resolution process\n                        in which management takes action to improve operations based on the\n                        recommendations in the published audit report. Management actions\n                        are monitored until final action is taken on all recommendations. When\n                        management and OIG cannot agree on the actions needed to correct a\n                        problem identified in an audit report, the issue can be taken to the NRC\n                        Chairman for resolution.\n\n                     Each October, OIG issues an Annual Plan that summarizes the audits planned for\n                     the coming fiscal year. Unanticipated high-priority issues may arise that generate\n                     audits not listed in the Annual Plan. OIG audit staff continually monitor specific\n                     issues areas to strengthen OIG\xe2\x80\x99s internal coordination and overall planning\n                     process. Under the OIG Issue Area Monitor (IAM) program, staff designated as\n                     IAMs are assigned responsibility for keeping abreast of major agency programs\n                     and activities. The broad IAM areas address nuclear reactors, nuclear materials,\n                     nuclear waste, international programs, security, information management, and\n                     financial management and administrative programs.\n\n\n\n\n4 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cInvestigative Program\nOIG\xe2\x80\x99s responsibility for detecting and preventing fraud, waste, and abuse within\nNRC includes investigating possible violations of criminal statutes relating to NRC\nprograms and activities, investigating misconduct by NRC employees, interfacing\nwith the Department of Justice on OIG-related criminal matters, and coordinating\ninvestigations and other OIG initiatives with Federal, State, and local investigative\nagencies and other OIGs. Investigations may be initiated as a result of allegations or\nreferrals from private citizens; licensee employees; NRC employees; Congress; other\nFederal, State, and local law enforcement agencies; OIG audits; the OIG Hotline; and\nOIG initiatives directed at areas bearing a high potential for fraud, waste, and abuse.\n\nBecause NRC\xe2\x80\x99s mission is to protect the health and safety of the public, OIG\xe2\x80\x99s\nInvestigative Program directs much of its resources and attention to investigations of\nalleged conduct by NRC staff that could adversely impact matters related to health\nand safety. These investigations may address allegations of:\n\n\xe2\x80\xa2\t Misconduct\n   \x07\x07         by high-ranking NRC officials and other NRC officials, such as\n   managers and inspectors, whose positions directly impact public health and safety.\n\n\xe2\x80\xa2\t Failure\n   \x07\x07      by NRC management to ensure that health and safety matters are\n   appropriately addressed.\n\n\xe2\x80\xa2\t Failure\n   \x07\x07      by NRC to appropriately transact nuclear regulation publicly and candidly\n   and to openly seek and consider the public\xe2\x80\x99s input during the regulatory process.\n\n\xe2\x80\xa2\t Conflicts\n   \x07\x07         of interest involving NRC employees and NRC contractors and\n   licensees, including such matters as promises of future employment for favorable\n   or inappropriate treatment and the acceptance of gratuities.\n\n\xe2\x80\xa2\t Fraud\n   \x07\x07    in the NRC procurement program involving contractors violating\n   Government contracting laws and rules.\n\nOIG has also implemented a series of proactive initiatives designed to identify\nspecific high-risk areas that are most vulnerable to fraud, waste, and abuse. A primary\nfocus is electronic-related fraud in the business environment. OIG is committed to\nimproving the security of this constantly changing electronic business environment by\ninvestigating unauthorized intrusions and computer-related fraud, and by conducting\ncomputer forensic examinations. Other proactive initiatives focus on determining\ninstances of procurement fraud, theft of property, Government credit card abuse, and\nfraud in Federal programs.\n\n\t\n\n\n\n\n                                                                     April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 5\n\x0c                     Regulatory Review\n                     Pursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), OIG\n                     reviews existing and proposed legislation, regulations, policy, and implementing\n                     Management Directives, and makes recommendations to the agency concerning\n                     their impact on the economy and efficiency of agency programs and operations.\n\n                     Regulatory review is intended to provide assistance and guidance to the agency\n                     prior to the concurrence process so as to avoid formal implementation of potentially\n                     flawed documents. OIG does not concur or object to the agency actions reflected in\n                     the regulatory documents, but rather offers comments and requests responsive action\n                     within specified timeframes.\n\n                     Comments provided in regulatory review reflect an objective analysis of the language\n                     of proposed agency statutes, directives, regulations, and policies resulting from OIG\n                     insights from audits, investigations, and historical data and experience with agency\n                     programs. OIG\xe2\x80\x99s review is structured so as to identify vulnerabilities and offer\n                     additional or alternative choices.\n\n                     To effectively track the agency\xe2\x80\x99s response to OIG regulatory review, comments\n                     include a request for written replies within 90 days, with either a substantive reply or\n                     status of issues raised by OIG.\n\n                     From April 1, 2013, through September 30, 2013, OIG reviewed agency documents,\n                     including Commission papers, Staff Requirements Memoranda, Federal Register\n                     Notices, regulatory actions, and statutes.\n\n                     The following comments were provided during this reporting period:\n\n                     \xe2\x80\xa2\t The\n                        \x07\x07   most significant matter addressed during this period was draft Management\n                        Directive 4.X, Budget Formulation. This draft is a major revision and update to\n                        the Financial Management part of the directive system. Separating budget\n                        formulation from the former chapter section where it was previously part of\n                        Management Directive 4.7, NRC Long Range Planning, Programming and Budget\n                        Formulation, this new directive comprehensively describes the budget process.\n                        The draft was generally well constructed and organized. OIG comments focused\n                        on suggesting additional clarification of the roles of each organization involved\n                        in each step in the formulation process, and the benefit of including a glossary of\n                        the terms used in the directive.\n\n\n\n\n6 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cOther OIG Activities\n\x07\n\nThe OIG General Counsel, Maryann Lawrence Grodin, supported the IG\ncommunity in training and presentations. The Department of Justice Attorney\nGeneral guidelines for statutory law enforcement authority for criminal investigators\ninclude the requirement for periodic refresher training on specified legal issues.\nThe Inspector General Criminal Investigator Academy was tasked with formulating the\nsyllabus for the training and identification of appropriate teaching staff. Ms. Grodin\nwas part of a group of attorneys from several IG offices who constructed a model\n3-hour course and participated in training a cadre of attorney-trainers. Additionally,\nMs. Grodin, along with attorneys from other IG offices, presented the Civil and\nAdministrative Remedies class as part of the Inspector General Periodic Refresher Training\nProgram in Denver, CO and Shepardstown, WV, to agents from more than a dozen\nFederal agencies.\n\nMs. Grodin also participated in the Inspector General Criminal Investigator Academy\nCurriculum Review Working Group for the Periodic Refresher Training Program. The\nworking group focused on assessing the training program\xe2\x80\x99s effectiveness in meeting\nthe objectives detailed in the Attorney General\xe2\x80\x99s Guidelines for Offices of Inspector\nGeneral with Statutory Law Enforcement Authority.\n\nThe Council of Counsels to Inspectors General, a group of attorneys who serve as legal\nadvisors in the Federal IG community, sponsors a training program for law students\nworking as summer interns in IG offices in the Washington, DC, area. As part of\nthe introductory session for this year\xe2\x80\x99s program, Ms. Grodin, along with Kirt West,\nCounsel to the Inspector General at the National Reconnaissance Office, provided a\npresentation on the concept and history of the IG offices in the Federal Government.\nIn addition to the statutory history, they related the political and philosophical\ncontext of IG legal authority and functions. They illustrated these legal concepts\nwith examples from their experiences as IG counsels, and related cases they had\nworked on in the IG community.\n\n\n\n\n                                                                        April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 7\n\x0cManagement and\nPerformance Challenges\n                        Most Serious Management and Performance Challenges\n                             Facing the Nuclear Regulatory Commission\n                                       as of October 1, 2012*\n                                           (as identified by the Inspector General)\n                       Challenge 1\t\x07Management of regulatory processes to meet a changing environment\n                                    in the oversight of nuclear materials.\n\n                       Challenge 2\t\x07Management of internal NRC security and oversight of licensee\n                                    security programs.\n\n                       Challenge 3\t\x07Management of regulatory processes to meet a changing environment\n                                    in the oversight of nuclear facilities.\n\n                       Challenge 4\t\x07Management of issues associated with the safe storage of high-level\n                                    radioactive waste when there is no long-term disposal solutions.\n\n                       Challenge 5\t Management of information technology.\n\n                       Challenge 6\t\x07Administration of all aspects of financial management and procurement.\n\n                       Challenge 7\t Management of human capital.\n\n                     *\x07The most serious management and performance challenges are not ranked in any order\n                      of importance.\n\n\n\n\n8 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAudits\nTo help the agency improve its effectiveness and efficiency during this period, OIG\ncompleted seven financial and performance audits, all of which are summarized here,\nthat resulted in numerous recommendations to NRC management. In addition, Defense\nContract Audit Agency completed three contract audits for OIG.\n\nAudit Summaries\nAudit of NRC\xe2\x80\x99s Safeguards Information Local Area\nNetwork and Electronic Safe\nOIG Strategic Goal: Corporate Management\nNRC developed its Safeguards Information Local Area Network and Electronic Safe\n(SLES) system to store and manage electronic Safeguards Information (SGI) documents.\n\nSLES features two distinct components: a secure wireless Local Area Network (LAN)\nand an electronic safe (E-Safe) for SGI documents. The SGI LAN component is a\nnetwork with a secure architecture and is dedicated for use in SGI data processing.\nThe E-Safe component is a secure electronic data repository for SGI records. E-Safe\nusers are able to create, capture, search, and retrieve data from this repository. The\nadoption of these various techniques into SGI operations was intended to ensure that\nE-Safe will contain all SGI created or received by NRC, thereby eliminating the need\nto maintain separate, individual collections of SGI.\n\nThe audit objective was to determine if SLES meets its operational capabilities and\napplicable security controls.\n\nAudit Results:\nNRC has developed a secure electronic system to store SGI while also reducing paper\nSGI and the space needed to store SGI documents; however, opportunities exist for\nimprovement. Specifically, the system (1) does not fully meet user needs and (2) uses\ninconsistent access rights.\n\nSLES Does Not Fully Meet User Needs\n\nInformation technology systems should improve agency productivity and efficiency\nwhile reducing paper.1 SLES was created to allow NRC staff to share SGI in a secure\nand effective manner. However, SLES does not fully meet user needs; for example,\nthe SLES official folder and document organization is confusing and not intuitive, and\nthe search function is poor and does not let individuals with \xe2\x80\x9cbrowse\xe2\x80\x9d permission see\ndocument titles when conducting a formal search through the SLES search engine.\nMoreover, while SLES has reduced the amount of SGI paper documents maintained\nby NRC offices, a significant amount still remains. This has occurred because NRC\nmanagement has not given SLES high priority, specifically:\n\n\n1\n    Paperwork Reduction Act of 1995.\n\n\n                                                                     April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 9\n\x0c                       \xe2\x80\xa2\t There\n                          \x07\x07     is no single individual who serves as a business \xe2\x80\x9cchampion\xe2\x80\x9d2 for integrating SLES\n                          into the NRC business process.\n\n                       \xe2\x80\xa2\t \x07N\n                           \x07\x07 RC lacks adequate communication channels to discuss system issues between SLES staff\n                           and its users.\n\n                       As a result, the system is not being used to its potential and more resources must be used to\n                       maintain paper SGI records, possibly resulting in fiscal waste.\n\n                       Access Rights Are Inconsistent\n\n                       Federal regulations mandate security controls to protect systems and networks from\n                       inappropriate access and unauthorized use. SLES access rights do not consistently meet the\n                       intent of the SGI \xe2\x80\x9cneed-to-know\xe2\x80\x9d requirement or an information system\xe2\x80\x99s \xe2\x80\x9cleast privilege\xe2\x80\x9d\n                       principle because there is no standard process for granting SGI access to individuals or for\n                       verifying user access rights. Providing SLES users access rights that exceed an individual\xe2\x80\x99s\n                       need-to-know or go beyond organizational business needs increases the risk that SGI could be\n                       compromised. Additionally, not having a formal policy in place limits access to some individuals\n                       who may need SGI access to effectively do their jobs.\n\n                       (Addresses Management and Performance Challenge #5)\n\n\n\n                       Audit of NRC\xe2\x80\x99s Travel Charge Card Program\n                       OIG Strategic Goal: Corporate Management\n                                                                    NRC established its travel charge card program\n                                                                    (referred to as the program) to facilitate employee\n                                                                    travel in support of the agency\xe2\x80\x99s mission.\n                                                                    Specifically, the purpose for using Government\n                                                                    charge cards designated for travel purposes\n                                                                    (referred to as travel cards) is to reduce the\n                                                                    overall cost of travel to the Federal Government\n                                                                    through lower administrative costs and by taking\n                                                                    advantage of rebates offered by card vendors\nSource: OIG analysis\nof Citibank data\n                       based on the volume of transactions and on prompt payment of bills. The Federal Travel\n                       Regulation mandates the use of travel cards for all official travel expenses unless specifically\n                       exempted. Under the program, travel cards can be used to pay for expenses related to official\n                       Government travel, such as lodging, meals, and rental cars. During FY 2011, approximately\n                       $16.8 million was charged for travel under this program. As of September 2011, approximately\n                       2,618 employees had individually billed cards, and NRC held 5 centrally billed cards.\n\n                       The audit objective was to assess the adequacy and effectiveness of NRC\xe2\x80\x99s policies, procedures,\n                       and internal controls over the travel card program for preventing and detecting travel charge\n                       card misuse and delinquencies.\n\n\n                       2\n                           \x07A champion voluntarily works to facilitate the adoption, implementation, and success of a cause, policy, program,\n                           project, or product.\n\n\n10 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAudit Results\nNRC\xe2\x80\x99s travel card program has policies, procedures, and internal controls in place\nto prevent and detect travel card misuse and delinquencies. NRC also has policies\nin place to lower the overall cost of official travel to the agency. However, OIG\ndetermined the efficiency and effectiveness of NRC\xe2\x80\x99s management of rebates and\nquarterly data reporting to the Office of Management and Budget (OMB) can be\nimproved. Specifically, opportunities exist to (1) maximize NRC\xe2\x80\x99s rebates by using\nrecommended Federal strategies and (2) improve quarterly reported data accuracy by\nemploying available tools.\n\nAlso, during the course of the audit, OIG found that nearly two-thirds of agency card\nholders were not in compliance with OMB training requirements. OIG discussed this\nmatter with Office of the Chief Financial Officer (OCFO) staff, who agreed with this\nfinding and took corrective action.\n\nOpportunity To Maximize Rebates\n\nNRC\xe2\x80\x99s travel card program management does not maximize travel card rebates. For\nexample, NRC does not monitor use of the card by frequent travelers, mandate split\ndisbursement,3 or pay centrally billed accounts within a day of invoice receipt \xe2\x80\x93 all\nconventional strategies for improving rebates for use of the travel card. OIG\xe2\x80\x99s analysis\nof the FY 2011 rebate shows that the agency could have received approximately\n$60,000 more than the $96,242 it received on net charges of approximately $16.8\nmillion. NRC does not maximize its rebate because program management staff do\nnot effectively use strategies identified in OMB Circular A-123, Appendix B, available\nto Federal agencies to increase rebate payments. Specifically, the agency does not\npay invoices as received in centrally billed accounts for the productivity rebate and\ndoes not explore basis point options for the sales rebate. As a result, NRC does not\nreceive the maximum rebate, which, in turn, makes program costs unnecessarily high.\nFurther, NRC is not in full compliance with OMB requirements to maximize rebates.\n\nOpportunity To Improve Reported Data Quality\n\nOMB requires travel card program managers to report program data at least\nquarterly. OCFO officials responsible for the travel card program did not report\naccurate or supportable quarterly data to OMB. In FY 2011, NRC reported incorrect\nor unsupportable information for 6 of the 14 required data elements. This occurred\nbecause program managers did not effectively use the tools available through\nCitibank\xe2\x80\x99s electronic access system4 and other sources. As a result, NRC management\ndid not receive accurate information to inform program decisions.\n\n(Addresses Management and Performance Challenge #6)\n\n\n\n3\n    \x07The Government pays the credit card vendor directly when a traveler uses the card and files a voucher for\n    reimbursement, while additional money owed to the traveler goes to the traveler\xe2\x80\x99s bank account. Without split\n    disbursement, the traveler receives the entire voucher settlement and in turn pays the credit card bill.\n4\n    \x07The charge card contractor\xe2\x80\x99s Internet-based system that provides account access and a variety of reports that assist\n    in the effective management of the charge card programs.\n\n\n                                                                                                 April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 11\n\x0c                     Audit of NRC\xe2\x80\x99s Budget Execution Process\n                     OIG Strategic Goal: Corporate Management\n                                                                       The U.S. Government requires\n                                                                       Federal agencies to establish an\n                                                                       effective funds control process to\n                                                                       ensure funds are used only for the\n                                                                       purpose set forth by Congress and\n                                                                       that expenditures do not exceed\n                                                                       amounts authorized. The NRC\n                                                                       budget process consists of strategic\n                                                                       planning; budget formulation;\n                                                                       submission of the agency\xe2\x80\x99s budget\n                                                                       to OMB and Congress; approval\n                                                                       of the budget by Congress; budget\nSource: NRC OCFO\n                     execution; and the reporting of budget and performance results. The budget\n                     execution phase refers generally to the time period during which the budget authority\n                     made through an appropriation remains available for obligation by NRC. NRC\xe2\x80\x99s\n                     task during the budget execution process is to spend appropriated funds to carry out\n                     its mission in accordance with fiscal statutes. Between FY 2008 and FY 2012, NRC\xe2\x80\x99s\n                     budget appropriation ranged from $926.1 million to $1,066.9 million.5\n\n                     The audit objectives were to determine whether (1) NRC maintains proper\n                     financial control over appropriated and apportioned6 funds to ensure compliance\n                     with applicable Federal laws, policies, and regulations and (2) opportunities exist to\n                     improve the budget execution process.\n\n                     Audit Results:\n                     Overall, the agency maintains proper financial control over appropriated and apportioned\n                     funds to ensure compliance with applicable Federal laws, policies, and regulations.\n                     However, OIG identified opportunities for improvement in the following areas:\n\n                     \xe2\x80\xa2\t Incomplete\n                        \x07\x07         implementation of Planning, Budgeting, and Performance\n                        Management process.\n\n                     \xe2\x80\xa2\t Insufficient\n                        \x07\x07           understanding of Financial Accounting and Integrated Management\n                        Information System (FAIMIS) reporting capabilities.\n\n                     \xe2\x80\xa2\t \x07\x07Incomplete delegation and budget execution training records.\n\n                     Addressing these concerns will strengthen NRC\xe2\x80\x99s budget execution process.\n\n                     5\n                         \x07The FY 2010 enacted budget was $1,066.9 million.\n                     6\n                         \x07After Congress passes an appropriation, the Office of Management and Budget provides apportionments of\n                         funds, usually on a quarterly basis, to Federal agencies to make money available for use for specified time periods,\n                         programs, activities, projects, objects, or any combination of these.\n\n\n12 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cIncomplete Implementation of Planning, Budgeting, and Performance\nManagement Process\n\nNRC developed the Planning, Budgeting, and Performance Management process\nto integrate NRC\xe2\x80\x99s (1) strategic planning, (2) budget formulation (resource\ndetermination process), (3) budget execution (or monitoring performance process),\nand (4) performance assessment activities. However, NRC\xe2\x80\x99s budget formulation\nand execution processes are not aligned. In practice, NRC\xe2\x80\x99s budget formulation is\nbased on business lines but executed at the allowance holder level. For example,\nan NRC office may have the lead on two business lines that cross multiple offices.\nDuring budget execution, that same office controls expenditures only within its office.\nMoreover, inconsistent use of financial management system codes further inhibits\nbudget implementation. Although the agency recognizes this problem, management\nhas not yet implemented all the elements in the Planning, Budgeting, and\nPerformance Management process, and has not enforced the use of certain financial\nmanagement system codes. As a result, NRC\xe2\x80\x99s current budget process inhibits the\nagency\xe2\x80\x99s ability to determine agency business line costs.\n\nInsufficient Understanding of System Reporting Capabilities\n\nNRC staff do not fully understand how to obtain budget information from FAIMIS\nthat would be useful for decisionmaking. In October 2010, NRC began using\nFAIMIS as the agency\xe2\x80\x99s core financial system and the official system of record for\nbudget transactions. OIG conducted multiple interviews with staff throughout the\nagency who work on budget execution and learned that staff have difficulty obtaining\nand understanding budget execution reports. Although program managers need both\noperational and financial data to determine whether they are meeting agency goals,\nthe agency has not provided sufficient training on FAIMIS reporting functionalities\nand report availability. Without a full understanding of system capabilities to access\nbudget information, staff may not have the data needed to make informed business\ndecisions.\n\nIncomplete Delegation and Budget Execution Training Records\n\nAccording to Federal and agency guidance, NRC must maintain appropriate records\nand make such documentation available. However, supporting documents regarding\nfinancial management delegations and budget execution training are incomplete. This\nhas occurred because management does not have written recordkeeping procedures\nfor maintaining these documents. In addition, agency guidance does not specify\nwhether allowance holder delegations should be to the position or specific individual.\nWithout appropriate documentation, individuals may be executing transactions\noutside their authority.\n\n(Addresses Management and Performance Challenges #6)\n\n\n\n\n                                                                    April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 13\n\x0c                     Audit of NRC\xe2\x80\x99s Information Technology Readiness for\n                     Three White Flint North\n                     OIG Strategic Goal: Corporate Management\n                     The NRC headquarters campus in Rockville, MD, comprises three buildings: One\n                     White Flint North, Two White Flint North, and the recently completed Three White\n                     Flint North (3WFN). NRC planned this new building to provide adequate office\n                     space for all headquarters employees on one centralized campus, replacing NRC offices\n                     located at four separate leased spaces in Montgomery County, MD.\n                     Prior to moving staff into 3WFN, NRC must ensure that the information technology\n                     (IT) infrastructure is in place to allow staff to be fully functional in the new facility.\n                     This includes ensuring that IT systems located at other NRC headquarters facilities are\n                     transported to 3WFN, installed, and tested so that employees have access to the systems\n                     needed to do their jobs.\n                     NRC has moved its Professional Development Center and Office of the Chief Human\n                     Capital Officer to 3WFN. Staff from other NRC offices will occupy 3WFN in 2013 as\n                     NRC revises its move schedule to align with new General Services Administration space\n                     requirements.7\n                     The audit objective was to evaluate NRC\xe2\x80\x99s IT readiness during the transition to 3WFN.\n\n                     Audit Results:\n                     IT systems should undergo testing and necessary corrective action to ensure readiness\n                     for users upon deployment. Infrastructure testing included network connectivity and\n                     individual workstation testing.8 Based on interviews, contract analysis, and direct\n                     observation, OIG determined that NRC tested IT infrastructure in 3WFN and has\n                     appropriate plans for future system deployments in 3WFN.\n                     Infrastructure testing included network connectivity and individual workstation testing.\n                     NRC and its network maintenance contractor have procedures to move staff IT equipment\n                     into their new 3WFN workspace, and for testing this equipment before staff return to work.\n                     Some data systems, such as High Performance Computing,9 have separate contracts that\n                     provide for equipment setup and testing in 3WFN. Further, NRC\xe2\x80\x99s new Operations Center\n                     in 3WFN will undergo several months of testing to familiarize staff with the facility and its\n                     IT equipment, including mock exercises designed to simulate incident response scenarios\n                     involving NRC headquarters and regional personnel.\n                     OIG auditors concluded that NRC has performed appropriate IT system deployment\n                     planning and testing, and that these measures provide adequate IT readiness at 3WFN.\n                     (Addresses Management and Performance Challenge #5)\n\n                     7\n                         \x07Since the issuance of this audit report, two additional NRC offices have moved into 3WFN: the Office of Nuclear\n                         Security and Incident Response and Office of Nuclear Material Safety and Safeguards.\n                     8\n                         \x07NRC conducted testing of electrical and other infrastructure in 3WFN at the end of the building\xe2\x80\x99s construction\n                         phase in 2012.\n                     9\n                         \x07NRC\xe2\x80\x99s High Performance Computing System is used to perform nuclear reactor safety analysis, such as fluid\n                         dynamics computations.\n\n\n14 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAudit of NRC\xe2\x80\x99s Compliance with 10 CFR Part 51 Relative\nto Environmental Impact Statements\nOIG Strategic Goal: Safey\nThe National Environmental Policy Act of 1969 (NEPA)\nestablished a national policy to encourage productive and\nenjoyable harmony between man and his environment,\npromote efforts that will prevent or eliminate damage to the\nenvironment, and enrich the understanding of ecological\nsystems and natural resources important to the United States.\n                                                                  NRC\xe2\x80\x99s most recent final EIS, published in four volumes.\t\nTo implement NEPA, Federal agencies must undertake an\n                                                                                                                 Source: OIG\nassessment of the environmental effects of their proposed\nactions prior to making a decision. The two major purposes of the NEPA process\nare better informed decisions and citizen involvement. NEPA requires that Federal\nagencies prepare a detailed statement on the environmental impacts and effects,\nalternatives to the action, and irreversible commitments of resources involved in the\naction. This detailed statement is called an Environmental Impact Statement (EIS).\n\nNRC regulations to implement NEPA are found in Title 10, Code of Federal\nRegulations, Part 51 (10 CFR Part 51). The purposes of NEPA and its\nimplementation dovetail with NRC\xe2\x80\x99s organizational values of openness and\ntransparency, as expressed in the Principles of Good Regulation and the Strategic Plan.\nNRC activities generate a great deal of public interest. For their participation to be\nmeaningful, stakeholders must have access to clear and understandable information\nabout NRC\xe2\x80\x99s role, process, activities, and decisionmaking.\n\nThe audit objective was to determine whether NRC complies with the regulations in\n10 CFR Part 51 relative to the preparation of environmental impact statements.\n\nAudit Results:\nIn recent years, NRC has taken steps to enhance its NEPA reviews and procedures.\nThese initiatives have generated important discussions and provide a context for long-\nterm progress. However, OIG identified areas of noncompliance with 10 CFR Part\n51 relative to disclosure and public involvement. In order to clearly communicate\nthe results of and involve the public in its environmental reviews, NRC management\nshould strengthen its EIS preparation process by:\n\n\xe2\x80\xa2\t \x07Publishing a Record of Decision (ROD) that complies with 10 CFR 51.102 and 51.103.10\n\xe2\x80\xa2\t \x07Publishing an EIS that complies with the format provided in 10 CFR Part 51,\n    Appendix A.\n\xe2\x80\xa2\t \x07Performing all regulatory requirements for scoping for EISs that tier off of a generic EIS.11\n\n10\n     \x07The ROD ties together the results of the environmental review and serves as an important vehicle for informing\n     the public of the agency\xe2\x80\x99s conclusions and recommendations.\n11\n     \x07NRC uses the term generic EIS to refer to a programmatic EIS, which assesses the scope and impact of the\n     environmental effects that would be associated with an action at numerous sites.\n\n\n                                                                                             April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 15\n\x0c                     Records of Decision Not in Full Compliance With Regulations\n\n                     NRC offices with EIS preparation responsibilities do not publish a ROD that\n                     complies with the requirements in 10 CFR Part 51. NRC regulations provide\n                     specific criteria for the publication of a ROD and what must be included in a ROD.\n                     NRC does not publish a ROD that complies with its regulations because within\n                     the agency there are incorrect and varying interpretations of what the regulations\n                     require. Thus, NRC is not in compliance with its regulations. As a result, NRC\n                     (1) does not adequately notify the public, including Congress, Federal agencies,\n                     government partners, and other stakeholders, of its decision and the basis of that\n                     decision and (2) undermines its extensive efforts to be clear, open, and transparent.\n\n                     NRC EISs Do Not Follow the Required Format\n\n                     NRC\xe2\x80\x99s EISs do not follow the format described by 10 CFR Part 51, Appendix A.\n                     Appendix A to 10 CFR Part 51 identifies the format elements that must be included.\n                     NRC\xe2\x80\x99s EISs do not follow the Appendix A format because controls are not in place to\n                     assure use of that format. Thus, NRC is not in compliance with its regulations. As\n                     a result, NRC (1) does not clearly present, in an accessible way, the proposed action,\n                     alternatives, and conclusions to stakeholders and (2) undermines its extensive efforts\n                     to be clear, open, and transparent.\n\n                     NRC Not in Full Compliance With Scoping Regulations\n\n                     NRC did not fully comply with scoping regulations for in-situ uranium recovery\n                     EISs that tier off of a generic EIS. NRC regulations require scoping when preparing\n                     an EIS and specify actions the agency must take during the scoping process. NRC\n                     did not fully comply with the scoping regulations because there is an incorrect\n                     understanding of the regulations related to scoping for EISs that tier off of a generic\n                     EIS. Thus, NRC is not in compliance with its regulations. By not fully complying\n                     with the regulations, NRC may exclude some interested persons who wish to\n                     participate in the process. Additionally, NRC undermines its extensive efforts to be\n                     clear, open, and transparent.\n\n                     (Addresses Management and Performance Challenges #1 and #3)\n\n\n\n                     Audit of NRC\xe2\x80\x99s Implementation of Federal Classified\n                     Information Laws and Policies\n                     OIG Strategic Goal: Security\n                     The Reducing Over-Classification Act12 (the Act) states that over-classification of\n                     information interferes with information sharing, increases information security costs,\n                     and needlessly limits stakeholder and public access to information. Further, the Act\n                     asserts that over-classification negatively affects dissemination of information within\n\n                     12\n                          \x07Public Law 111-258/H.R. 553, \xe2\x80\x9cReducing Over-Classification Act,\xe2\x80\x9d October 7, 2010.\n\n\n16 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cthe Federal Government; with State, local, and tribal entities; and with the private\nsector.13 Lastly, the Act states that Federal agencies that perform classification are\nresponsible for promoting compliance with applicable laws, executive orders, and\nother authorities pertaining to classification.\n\nNRC must protect classified information related to Federal Government programs\nfor securing nuclear materials and facilities. Classification is the process of identifying\ninformation that must be protected against unauthorized disclosure in the interest of\nnational security. Classification may be performed only by personnel who have been\ndelegated special authority and undergone required training. Specifically, Original\nClassifiers can make an initial determination, in the interest of national security, that\ninformation requires protection from unauthorized disclosure. In contrast, Derivative\nClassifiers may only restate or paraphrase information that has already been classified.\n\nOn December 29, 2009, the President of the United States signed Executive Order\n13526, \xe2\x80\x9cClassified National Security Information\xe2\x80\x9d (the Order), which establishes\ncurrent principles, policies, and procedures for classification. On June 25, 2010, the\nNational Archives and Records Administration\xe2\x80\x99s Information Security Oversight\nOffice issued a directive (the Directive) in the CFR14 that included guidance to be\nused by Federal agencies in implementing the Order.\n\nIn accordance with the Act\xe2\x80\x99s requirements, the audit objectives were to (1) assess\nwhether applicable classification policies, procedures, rules, and regulations have been\nadopted, followed, and effectively administered within such department, agency, or\ncomponent, and (2) identify policies, procedures, rules, regulations, or management\npractices that may be contributing to persistent misclassification of material within\nsuch department, agency, or component.\n\nAudit Results:\nOIG auditors reviewed NRC policies and procedures for its classified information\nsecurity program and developed five findings with corresponding recommendations\nto improve agency compliance with current Federal Government standards. Auditors\nalso reviewed a non-statistical sample of classified documents produced by NRC\nstaff and found a limited number of marking errors but no evidence of systemic\nmisclassification.\n\nOriginal Classifier Training\n\nThe Order and the Directive require Original Classifiers to undergo annual training.15\nFurther, Original Classifiers who do not undergo annual training are to have their\nauthority suspended.16 Through interviews with 3 of 11 NRC personnel who have\noriginal classification authority, auditors learned that these personnel had not taken\n\n13\n     \x07Public Law 111-258, Section 2, \xe2\x80\x9cFindings.\xe2\x80\x9d\n14\n     \x0732 CFR Parts 2001 and 2003.\n15\n     \x07E.O. 13526, Section 1.3(d) and 32 CFR 2001.71(c).\n16\n     \x07Original Classifiers may receive a waiver if they are unable to take required training because of unavoidable\n     circumstances.\n\n\n                                                                                               April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 17\n\x0c                     required training. Required Original Classifier training has not occurred because\n                     NRC\xe2\x80\x99s Management Directive 12.2, NRC Classified Information Security Program, does\n                     not prescribe training in accordance with current Federal standards. NRC\xe2\x80\x99s Original\n                     Classifiers who fail to meet their training requirements cannot perform classification\n                     work in an emergency, or in other unexpected circumstances that might require\n                     them to exercise their authority. Further, this training is intended to cover relevant\n                     administrative duties in addition to classification that Original Classifiers may need to\n                     perform as part of their work.\n\n                     Training Certification Is Not Documented as Required\n\n                     Federal law requires documentation of training for Original and Derivative\n                     Classifiers. Public Law 111-258 specifically states that training for Original and\n                     Derivative Classifiers is a prerequisite, \xe2\x80\x9cas evidenced by an appropriate certificate or\n                     other record\xe2\x80\x9d for obtaining original classification authority or derivatively classifying\n                     information, and for maintaining such authority.17 However, NRC classifiers are not\n                     issued training certificates or other documentation after completing required training.\n                     NRC staff explained that individual classifiers\xe2\x80\x99 training information is managed by\n                     e-mail correspondence, and that cognizant staff maintain a record of this activity.\n                     In contrast, other programs at NRC use the agency\xe2\x80\x99s automated training system,\n                     iLearn, to track training dates and validate credentials that require specific training.\n                     Managing classifier training requirements and credentials centrally in NRC\xe2\x80\x99s iLearn\n                     system would provide classifiers and their supervisors better visibility over training\n                     obligations, and would facilitate compliance with Public Law 111-258 criteria. It\n                     would also mitigate risk associated with reliance on a single person to manage training\n                     requirements and records through e-mail correspondence and computer desktop files.\n\n                     NRC Conducts Self-Inspections With Limited Scope\n\n                     Federal standards require agencies to conduct routine self-inspections of classified\n                     information security programs. Specifically, the Order and the Directive state that\n                     self-inspections are to include regular reviews of representative samples of original\n                     and derivative classifications, and misclassifications are to be corrected.18 NRC\n                     conducts self-inspections of its classified information security program.19 However,\n                     these self-inspections do not include representative samples of classifications insofar\n                     as the Office of Nuclear Security and Incident Response (the NRC office responsible\n                     for classified information security) does not review work produced by classifiers\n                     from other offices. Management Directive (MD) 12.2 calls for a self-inspection\n                     program, but does not reflect current Federal standards. Specifically, NRC\xe2\x80\x99s guidance\n                     does not call for representative sampling of agency classifications and correction of\n                     misclassifications. Expanded self-inspections would improve NRC\xe2\x80\x99s oversight of\n                     classification activity.\n\n\n\n\n                     18\n                          \x07E.O. 13526 Section 5.4(d)(4), and 32 CFR 2001.60.\n                     19\n                          NRC reported having conducted two self-inspections in FY 2012.\n\n\n18 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cNRC Does Not Include Classification Duties in Staff Position Descriptions\nand Performance Evaluations\n\nCurrent Federal standards require NRC and other agencies to include classification\nduties in staff performance management. However, most Derivative Classifiers at\nNRC do not have classification duties in their position descriptions and are not rated\non these tasks. Cognizant NRC staff are aware of this requirement but face labor\nnegotiation challenges in meeting it. Developing a solution would benefit NRC\nbecause Federal policy emphasizes the importance of classification duties as well\nas employees\xe2\x80\x99 roles in promoting classified information security. NRC staff who\nroutinely process and/or handle classified information cannot be held accountable\nand incentivized for this work if it is not considered as part of their formal position\ndescription used for performance evaluations.\n\nManagement Directive 12.2 Needs Comprehensive Update\n\nNRC\xe2\x80\x99s internal policy requires the agency\xe2\x80\x99s management directives to be updated\nto reflect changes in Federal law and regulation, and to be revised every 5 years\nfollowing a management directive\xe2\x80\x99s last complete revision. NRC has not updated\nMD 12.2 to reflect current Federal policy and some agency practices. NRC\xe2\x80\x99s process\nfor revising management directives has deferred revision of MD 12.2 (last approved\nin July 2006, with exception of one page that was updated in August 2007) until 2014.\nNRC should comply with internal standards for management directive revision to\nensure staff have current and accurate guidance to support their work. Beyond the\npractical importance of timely management directive revisions, alignment between\nNRC guidance and higher level Federal guidance is important for positioning NRC\nas a responsive, transparent regulatory organization.\n\n(Addresses Management and Performance Challenge #2)\n\n\n\nAudit of NRC\xe2\x80\x99s Ongoing Eligibility for Access Authorization\nOIG Strategic Goal: Security\nThe objective of NRC\xe2\x80\x99s personnel security program is to provide assurance that those\nwith access to NRC facilities, classified information, sensitive NRC information and\nequipment, nuclear power facilities, and special nuclear material20 are reliable and\ntrustworthy. In order to provide such assurance, NRC\xe2\x80\x99s Personnel Security Branch\n(PSB) administers the personnel security program, granting or denying access to\nclassified information.21\n\n20\n     \x07Special nuclear material (SNM) is defined by Title I of the Atomic Energy Act of 1954 as plutonium, uranium-\n     233, or uranium enriched in the isotopes uranium-233 or uranium-235. The definition includes any other\n     material that the Commission determines to be SNM, but does not include source material. NRC has not\n     declared any other material as SNM.\n21\n     \x07The Office of Personnel Management (OPM) Federal Investigative Services Division is NRC\xe2\x80\x99s investigative\n     provider. NRC applicants, employees, contractors, and licensees are submitted for investigation through OPM.\n\n\n                                                                                            April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 19\n\x0c                                                              Access authorization is an administrative determination\n                                                              that an individual is eligible for a security clearance\n                                                              for access to Restricted Data22 or National Security\n                                                              Information.23 Access authorization eligibility\n                                                              requires an affirmative determination by PSB that the\n                                                              person in question is an acceptable security risk. The\n                                                              determination is a comprehensive, commonsense\n                                                              judgment, made after consideration of all the\n                                                              information, favorable or unfavorable, relevant to\n                                                              whether granting access authorization would be clearly\n                                                              consistent with the national interest.\nSource: OIG\n                     A favorable determination results in PSB issuing a security clearance. Classified\n                     access requirements determine the type of clearance issued. All NRC employees are\n                     required to have a security clearance. PSB primarily issues the following clearances:\n                     Q Clearance \xe2\x80\x93 Top Secret, and L Clearance \xe2\x80\x93 Secret. As of August 2013, 1,196 NRC\n                     employees had Q clearances, 3,146 had L clearances, and 296 were designated as L(H)\n                     (Secret \xe2\x80\x93 High Public Trust).24\n\n                     Maintaining access authorization requires periodic background reinvestigations and\n                     adherence to security requirements. Individuals who possess \xe2\x80\x9cQ,\xe2\x80\x9d \xe2\x80\x9cL(H),\xe2\x80\x9d or \xe2\x80\x9cL\xe2\x80\x9d\n                     security clearances undergo reinvestigations and may also be reinvestigated if, at any\n                     time, there is reason to believe that they may no longer meet the standards for access\n                     authorization. PSB initiates a reinvestigation every 5 years for \xe2\x80\x9cQ\xe2\x80\x9d and \xe2\x80\x9cL(H)\xe2\x80\x9d (high\n                     public trust) clearances and every 10 years for \xe2\x80\x9cL\xe2\x80\x9d clearances. Additionally, individuals\n                     are required to self-report information to PSB that might compromise their\n                     continued eligibility for access to NRC facilities, material, or classified information.\n\n                     The audit objective was to determine if NRC has processes in place to ensure that\n                     NRC employees comply with personnel reporting responsibilities for continued NRC\n                     access authorization eligibility.\n\n                     Audit Results:\n                     NRC employees are required to comply with personnel reporting responsibilities for\n                     continued access authorization. Specifically, employees are required to report certain\n                     events that may bring into question their reliability and trustworthiness. For example,\n                     the following are some of the events employees are required to report:\n\n\n\n\n                     22\n                          \x07Restricted Data: Information classified by the Atomic Energy Act, whose compromise would assist in the design,\n                          manufacture, or utilization of nuclear weapons.\n                     23\n                          \x07National Security Information: Information classified by an Executive Order, whose compromise would cause\n                          damage to the national security.\n                     24\n                          \x07NRC also issues L(H) high public trust clearances. Classified access requirements for individuals with L and\n                          L(H) clearances are the same. However, individuals with L(H) clearances undergo a more rigorous initial\n                          background investigation and receive more frequent periodic reinvestigations.\n\n\n20 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0c\xe2\x80\xa2\t \x07Use of intoxicating beverages habitually to excess without evidence of\n    rehabilitation.\n\n\xe2\x80\xa2\t \x07Use of, trafficking in, sale, transfer, or possession of an illegal drug or other\n    controlled substance (except as prescribed by a physician licensed to dispense\n    drugs in the practice of medicine), without evidence of rehabilitation.\n\n\xe2\x80\xa2\t \x07Arrests, charges, detentions, or any criminal conduct that indicates a history\n    or pattern of criminal activity that creates doubt about a person\xe2\x80\x99s judgment,\n    reliability, or trustworthiness.\n\n\xe2\x80\xa2\t \x07Any financial considerations that indicate an inability or an unwillingness to\n    satisfy debts, and financial problems linked to gambling, drug abuse, alcoholism,\n    or other issues of a security concern.\n\nNRC employees rarely comply with personnel reporting responsibilities for\ncontinued access authorization. OIG reviewed a judgmentally selected sample\nof 35 NRC employee background reinvestigations to determine compliance with\nreporting responsibilities and found 26 files containing information developed during\nthe reinvestigation concerning certain events that might bring into question staff\nreliability and trustworthiness. These events should have been reported to PSB prior\nto the initiation of the reinvestigation. (The majority of the reportable events were\nfinancial in nature.) However, only 3 of 26 employees (approximately 11.5 percent)\ncomplied with personnel reporting responsibilities and reported to PSB as required by\nregulation.\n\nNRC does not have sufficient processes in place to ensure that NRC employees\ncomply with personnel reporting responsibilities for continued NRC access\nauthorization eligibility. Specifically, NRC does not regularly inform employees of\npersonnel reporting responsibilities and there is no process to impose consequences\nfor not self-reporting.\n\nCertain types of information must be assiduously protected. When a person\xe2\x80\x99s actions\nshow evidence of unreliability or untrustworthiness, questions arise whether the\nperson can be relied on to protect classified information. The unauthorized disclosure\nof classified information can cause irreparable damage to the national security and loss\nof human life.\n\n(Addresses Management and Performance Challenge #2)\n\n\n\n\n                                                                       April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 21\n\x0c                     Audits in Progress\n                     Audit of NRC\xe2\x80\x99s Implementation of Its NEPA\n                     Responsibilities\n                     OIG Strategic Goal: Safety\n                     NEPA required Federal agencies to consider the environmental impacts of actions\n                     under their jurisdiction. NEPA requires that an EIS of the proposed action be prepared\n                     for major Federal actions significantly affecting the quality of the human environment.\n                     Consultations among stakeholders to ensure compliance with statutory mandates, such\n                     as with Section 7 of the Endangered Species Act of 1973 and Section 106 of the National\n                     Historic Preservation Act of 1966, are also part of the NEPA review process.\n\n                     NEPA broadly impacts NRC. Several agency offices conduct environmental reviews.\n                     A NEPA review may be initiated in response to a rulemaking, an application for\n                     a new license or certification, a license amendment, or a decommissioning plan\n                     submitted to the NRC. Generic EISs have been developed to guide staff in the\n                     areas of nuclear plant licensing renewal, decommissioning of nuclear facilities, and\n                     applications for in situ uranium recovery operations. Standard review plans support\n                     staff environmental reviews in other areas. Growing public concern over licensing\n                     issues such as reactor aging and spent fuel storage heightens the importance of\n                     successfully completing environmental reviews.\n\n                     The audit objective is to determine whether NRC implements its environmental\n                     review and consultation responsibilities as prescribed by NEPA.\n\n                     (Addresses Management and Performance Challenge #3)\n\n\n\n                     Audit of NRC\xe2\x80\x99s Oversight of Equipment Aging\n                     OIG Strategic Goal: Safety\n                     The U.S. fleet of commercial nuclear power plants is aging with an average age\n                     over 29 years. Additionally, approximately 90 percent of the 104 licensed plants\n                     have either received, are awaiting approval for, or intend to seek a 20-year license\n                     extension. This presents emergent challenges as previously unseen equipment\n                     failures occur. Aging failures can affect major components such as unit transformers,\n                     reactor coolant/recirculation pumps, and other large motors, and present material\n                     challenges, such as cracks in thermally treated components and related equipment\n                     degradation. Failures of these components can result in operating anomalies and\n                     degraded safety equipment, both affecting nuclear safety.\n\n                     The audit objective is to determine if NRC is providing effective oversight of\n                     industry\xe2\x80\x99s aging component programs.\n\n                     (Addresses Management and Performance Challenge #3)\n\n\n22 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAudit of NRC\xe2\x80\x99s Support for Resident Inspectors\nOIG Strategic Goal: Safety\nThe core of the NRC inspection program for nuclear power plants and fuel-cycle\nfacilities is carried out by resident (onsite) inspectors. These inspectors provide an onsite\nNRC presence for direct observation and verification of licensees\xe2\x80\x99 ongoing activities.\nGenerally, the NRC regions manage resident inspector assignments, which include at\nleast two inspectors that are assigned to each site for a period of up to 7 years.\n\nResident inspector guidance stems from various sources. For example, for operating\nreactors, Inspection Manual Chapter 1202, Senior Resident and Resident Inspector Site\nTurnover, provides guidelines to ensure that resident inspectors new to a site have the\nnecessary knowledge and site familiarity to successfully implement the reactor oversight\nprocess (including allegations and enforcement) and emergency response duties.\n\nDuring the course of their assignment, the resident inspectors variously also require\nadditional types of support for such areas as telecommunications, human resources,\ntechnical review, and legal counsel. Furthermore, the ability to communicate\neffectively and efficiently with the regional offices, NRC headquarters, and other\nresident inspectors is vitally important to their ability to meet the expectations of\nNRC management and the public.\n\nThe audit objectives are to evaluate the effectiveness of NRC support provided to the\nresident inspectors at nuclear power plants, fuel-cycle facilities, and construction sites.\n\n(Addresses Management and Performance Challenge #3)\n\n\n\nAudit of NRC\xe2\x80\x99s Information Technology Governance\nOIG Strategic Goal: Corporate Management\nIT governance pertains to stewardship of IT resources in order to most efficiently\nand effectively attain agency vision, mission, goals, and objectives.\n\nNRC has two IT governance boards \xe2\x80\x93 the Information Technology/Information\nManagement Board (ITB) and the Information Technology/Information Management\nPortfolio Executive Council (IPEC). The ITB is a review body created to make\nrecommendations to the IPEC on the agency\xe2\x80\x99s IT architecture, perform portfolio\nanalyses, and review technologies and standards. The IPEC is an executive\nmanagement body established to provide strategic direction and to set fiscal year\npriorities, among other things. NRC also performs other types of management\ncontrol activities that are overseen by these governance boards.\n\nThe audit objective will be to assess the effectiveness of NRC\xe2\x80\x99s current IT\ngovernance in meeting the agency\xe2\x80\x99s current and future IT needs.\n\n(Addresses Management and Performance Challenge #5)\n\n\n                                                                          April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 23\n\x0c                     Audit of NRC\xe2\x80\x99s FY 2013 Financial Statements\n                     OIG Strategic Goal: Corporate Management\n                     Under the Chief Financial Officers Act and the Government Management and Reform\n                     Act, the OIG is required to audit the financial statements of the NRC. OIG will\n                     measure the agency\xe2\x80\x99s improvements by assessing corrective action taken on prior\n                     audit findings. The report on the audit of the agency\xe2\x80\x99s financial statements is due on\n                     December 16, 2013. In addition, OIG will issue reports on:\n\n                     \xe2\x80\xa2\t \x07Special Purpose Financial Statements.\n\n                     \xe2\x80\xa2\t \x07Implementation of the Federal Managers\xe2\x80\x99 Financial Integrity Act.\n\n                     \xe2\x80\xa2\t \x07Summary of Performance and Financial Information.\n\n                     \xe2\x80\xa2\t \x07Agency compliance with the Improper Payments Elimination and Recovery Act of\n                         2010.\n\n                     The audit objectives are to:\n\n                     \xe2\x80\xa2\t \x07Express opinions on the agency\xe2\x80\x99s financial statements and internal controls.\n\n                     \xe2\x80\xa2\t \x07Review compliance with applicable laws and regulations.\n\n                     \xe2\x80\xa2\t \x07Review the controls in the NRC\xe2\x80\x99s computer systems that are significant to the\n                         financial statements.\n\n                     \xe2\x80\xa2\t \x07Assess the agency\xe2\x80\x99s compliance with OMB Circular A-123, Revised, Management\xe2\x80\x99s\n                         Responsibility for Internal Control.\n\n                     \xe2\x80\xa2\t \x07Assess agency compliance with the Improper Payments Elimination and Recovery Act\n                         of 2010.\n\n                     (Addresses Management and Performance Challenge #6)\n\n\n\n\n24 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAudit of NRC\xe2\x80\x99s Process for Addressing Bankruptcy of\nMaterials Licensees\nOIG Strategic Goal: Safety\nAn NRC materials licensee\xe2\x80\x99s financial condition could affect its ability to control\nlicensed material. Provisions of the Atomic Energy Act and regulations in 10 CFR\nrequire that NRC licensees notify NRC in the case of bankruptcy. These provisions\nare in place to assure that appropriate measures to protect the public health and\nsafety have been or will be taken during a licensee\xe2\x80\x99s bankruptcy filing. These\nmeasures include:\n\n\xe2\x80\xa2\t \x07Maintaining security of licensed material and contaminated facilities.\n\n\xe2\x80\xa2\t \x07Assuring that licensed material is transferred only to properly authorized NRC\n    or Agreement State licensees.\n\nNRC\xe2\x80\x99s Bankruptcy Review Team was formed to review and act on bankruptcy\nnotifications as they occur. NRC staff are then required to address any concerns\nidentified that may impact public health and safety.\n\nThe audit objective is to determine if NRC has reasonable assurance that appropriate\nmeasures to protect the public health and safety have been or will be taken during\nbankruptcies involving byproduct, source, or special nuclear materials licensees.\n\n(Addresses Management and Performance Challenge #1)\n\n\n\nAudit of NRC\xe2\x80\x99s Use of the NEWFlex Program\nOIG Strategic Goal: Corporate Management\nNRC Employee Work Schedule Flexibilities (NEWFlex) is a program that offers\nexpanded work schedule and additional credit hour options to help employees balance\ntheir work/life activities while at the same time assuring that each NRC office is able\nto execute its mission. This program is available to almost all NRC staff. NEWFlex\nis optional to employees, and the schedule is subject to supervisory approval. The\nprogram offers a flexible (variable) schedule that includes, but is not limited to, an\nextension of hours, schedules that can vary daily, and core hours. NEWFlex applies to\nemployees while working at home, and supports the agency\xe2\x80\x99s telework initiative.\n\nEach Federal agency must determine (1) whether to establish alternative work schedule\nprograms; (2) how to administer the programs efficiently; (3) how to comply with the\nspirit of the President\xe2\x80\x99s memoranda of July 11, 1994, and June 21, 1996, on providing\nfamily-friendly work arrangements; and (4) how to ensure that the programs do not\ncause an adverse agency impact. Agencies wishing to establish flexible or compressed\n\n\n\n                                                                      April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 25\n\x0c                     work schedules permitted under 5 U.S.C. 6122 and 5 U.S.C 6127 do not need Office of\n                     Personnel Management approval.\n\n                     The audit objectives are to assess (1) NRC\xe2\x80\x99s adherence to applicable laws and\n                     regulations, (2) the adequacy of NRC\xe2\x80\x99s internal controls associated with the program,\n                     and (3) whether the program adequately addresses unique situations such as drug\n                     testing, official travel, and other events.\n\n                     (Addresses Management and Performance Challenge #7)\n\n\n\n                     Audit of NRC\xe2\x80\x99s Full-Time Telework Program\n                     OIG Strategic Goal: Corporate Management\n                     The Telework Enhancement Act of 2010 (Public Law 111-292), was signed into law\n                     on December 9, 2010. The act is a key factor in the Federal Government\xe2\x80\x99s ability\n                     to achieve greater flexibility in managing its workforce through the use of telework.\n                     Telework (1) is a strategy to improve Continuity of Operations to help ensure that\n                     essential Federal functions continue during emergency situations, (2) promotes\n                     management effectiveness when telework is used to target reductions in management\n                     costs and environmental impact and transit costs, and (3) enhances work-life balance,\n                     i.e., telework allows employees to better manage their work and family obligations.\n                     The law specifies roles and responsibilities for the Office of Personnel Management,\n                     General Services Administration, Office of Management and Budget, Department\n                     of Homeland Security, National Archives and Records Administration, and others to\n                     provide overall guidance to Federal executive agencies.\n\n                     The term telework or teleworking refers to a work flexibility arrangement under\n                     which an employee performs the duties and responsibilities of their position, and\n                     other authorized activities, from an approved worksite other than the location from\n                     which the employee would otherwise work. In practice, telework represents a work\n                     arrangement that allows an employee to perform work, during any part of regular,\n                     paid hours, at an approved alternative worksite such as home or a telework center.\n                     This definition of telework includes what is generally referred to as remote work, but\n                     does not include any part of work done while on official travel.\n\n                     In the past, agencies have sometimes used the term remote to describe a work\n                     arrangement in which the employee resides and works at a location beyond the local\n                     commuting area of the employing organization\xe2\x80\x99s worksite or to describe a full-time\n                     telework arrangement. For reporting purposes, these employees should be included\n                     as teleworkers. While some agencies do permit full-time telework, it is not the\n                     norm. In fact, the act specifically identifies the following categories of part-time\n                     participation and requires that agencies report on the specific number of employees\n                     each year that telework:\n\n                     \xe2\x80\xa2\t \x073 or more days per pay period (denotes a biweekly pay period).\n\n\n26 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0c\xe2\x80\xa2\t \x071 or 2 days per pay period.\n\n\xe2\x80\xa2\t \x07Once per month.\n\n\xe2\x80\xa2\t \x07On an occasional, episodic, or short-term basis (i.e., situational telework such as\n    ad-hoc or unscheduled telework).\n\nSpecifically, with regard to program implementation of full-time telework, each\nagency\xe2\x80\x99s policies should identify whether full-time telework arrangements are\nallowable in the agency and, if so, aspects of the employment arrangement that\ncould potentially change if an employee teleworks full-time (e.g., could there be\nconsequences to locality pay, benefits, travel, reduction-in-force procedures, etc.).\n\nThe audit objectives are to determine (1) if NRC\xe2\x80\x99s telework program complies with\napplicable laws and regulations, and (2) the adequacy of internal controls over the program.\n\n(Addresses Management and Performance Challenge #7)\n\n\n\nIndependent Evaluation of NRC\xe2\x80\x99s Implementation of the\nFederal Information Security Management Act (FISMA)\nfor Fiscal Year 2013\nOIG Strategic Goal: Security\nThe Federal Information Security Management Act (FISMA) was enacted on\nDecember 17, 2002. FISMA permanently reauthorized the framework laid out in\nthe Government Information Security Reform Act, which expired in November 2002.\nFISMA outlines the information security management requirements for agencies,\nincluding the requirement for an annual review and annual independent assessment by\nagency IGs. In addition, FISMA includes new provisions such as the development of\nminimum standards for agency systems, aimed at further strengthening the security of\nFederal Government information and information systems. The annual assessments\nprovide agencies with the information needed to determine the effectiveness of\noverall security programs and to develop strategies and best practices for improving\ninformation security.\n\nFISMA provides the framework for securing the Federal Government\xe2\x80\x99s information\ntechnology including both unclassified and national security systems. All agencies\nmust implement the requirements of FISMA and report annually to OMB and\nCongress on the effectiveness of their security programs.\n\nThe objective is to conduct an independent evaluation of the NRC\xe2\x80\x99s implementation\nof FISMA for FY 2013.\n\n(Addresses Management and Performance Challenge #2)\n\n\n\n                                                                        April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 27\n\x0c                     Audit of NRC\xe2\x80\x99s Method for Retaining and Documenting\n                     Information Supporting the Yucca Mountain Licensing\n                     Process\n                     OIG Strategic Goal: Safety\n                     In March 2010, the Department of Energy (DOE) filed a motion with NRC to\n                     withdraw its license application for the Yucca Mountain high level waste repository.\n                     Subsequently, the former Chairman directed NRC staff to take actions to facilitate\n                     an orderly closeout of the Yucca Mountain review process, including documenting\n                     material reviewed to date for retention purposes and potential future review in\n                     accordance with agency policy.\n\n                     It is the policy of the NRC that all official records made or received by the NRC\n                     in the course of its official business comply with the regulations governing Federal\n                     records management issued by the National Archives and Records Administration\n                     and the General Services Administration. Specifically, agency policy on the retention\n                     of records and information states that records are to be maintained and preserved\n                     as evidence of the NRC\xe2\x80\x99s organization, functions, policies, decisions, procedures,\n                     operations, or other activities\xe2\x80\xa6.\xe2\x80\x9d Additionally, agency records are to be maintained\n                     in such a way that all information can be stored safely and retrieved easily when\n                     necessary\xe2\x80\xa6.\xe2\x80\x9d\n\n                     Given the uncertainty and public interest surrounding the issue of high-level waste\n                     storage, it is important that NRC maintain agency records related to the review\n                     of the Yucca Mountain high level waste repository DOE license application in\n                     accordance with Federal requirements and agency policy.\n\n                     The audit objective is to determine if agency policy and procedures on document\n                     management provide reasonable assurance that documentation related to the review\n                     of the Yucca Mountain facility has been appropriately documented and retained.\n\n                     (Addresses Management and Performance Challenge #4)\n\n\n\n\n28 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cInvestigations\nDuring this reporting period, OIG received 100 allegations, initiated 39 investigations,\nand closed 35 cases. In addition, the OIG made 6 referrals to NRC management and 7 to\nthe Department of Justice.\n\nInvestigative Case Summaries\nRegion IV\xe2\x80\x99s Potential Violation of the No Fear Act25\nOIG Strategic Goal: Corporate Management\nOIG conducted an investigation based on a number of allegations in an anonymous\nletter sent to Congress and the NRC Commission alleging that an NRC Region IV\nmanager retaliated against regional staff for raising safety issues involving inspection\nactivities at the Fort Calhoun Station nuclear power plant, concerning an onsite fire,\nand the adequacy of flood protection measures. It was further alleged that Region\nIV has a chilled workplace environment that dissuades inspectors from identifying\nsafety issues that may be challenged by regional management.\n\nInvestigative Results:\nOIG found that the Region IV manager supported the issuance of a yellow finding\n(substantial safety significance) rather than a red finding (high safety significance)\nregarding conditions relating to the 2011 fire based on specific technical concerns\nabout the accuracy of a red characterization. Notwithstanding the manager\xe2\x80\x99s\nexpressed views, a red finding was issued in this matter as a preliminary and a final\nfinding. Additionally, OIG found that the manager raised concerns about the\nbasis for a yellow finding concerning flood protection measures at the site. The\nresolution of the concerns resulted in a long delay in reporting the finding, but\nconcluded with the manager supporting the yellow finding.\n\nOIG found that despite staff assertions, there was no evidence that the manager\naltered or removed safety findings from inspection reports without the concurrence\nof the reporting inspector.\n\nOIG also found that performance appraisals for Region IV risk analysts under the\nmanager\xe2\x80\x99s supervision were downgraded in the 2009 performance year. There was\nno evidence that these downgrades were related to and in retaliation for raising\nsafety issues. In a separate issue, evidence was developed that a Region IV reactor\ninspector received a performance downgrade following a disagreement with the\nmanager over a 2009 inspection finding, and that the disagreement was a factor in\nthe downgrade.\n\nIn addition, OIG found widespread concern among Region IV employees about\ninteraction with the manager due to his interpersonal behavior. Employees did\n\n25\n     \x07The No FEAR Act provides for an environment where employees feel confident in coming forward to report\n     possible violations of law, rule, or regulation; gross mismanagement; gross waste of funds; abuse of authority; or a\n     substantial and specific danger to public health and safety.\n\n\n                                                                                                April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 29\n\x0c                     distinguish the manager\xe2\x80\x99s interpersonal manner from his commitment to safety.\n                     However, OIG did find that negative perceptions of the manager\xe2\x80\x99s style created\n                     perceptions among some Region IV employees of a chilled workplace environment.\n\n                     Further, OIG found that Region IV managers had been apprised of specific\n                     concerns from non-supervisory employees and branch chiefs about the manager\xe2\x80\x99s\n                     behavior, but that while some remedial measures were proposed, none included\n                     formal or documented performance counseling.\n\n\n\n                     NRC Region III\xe2\x80\x99s Handling of a Pinhole Coolant Leak at\n                     Davis-Besse Nuclear Power Station, Oak Harbor, OH\n                     OIG Strategic Goal: Safety\n                     OIG completed an investigation into a congressional concern that the NRC Region\n                     III Public Affairs Officer (PAO) provided inaccurate and misleading information\n                     pertaining to a pressure boundary leak in a pipe at FirstEnergy\xe2\x80\x99s Nuclear Power\n                     Station, Davis-Besse, located in Oak Harbor, OH.\n\n                     It was alleged that after FirstEnergy discovered \xe2\x80\x9ca pinhole coolant leak in a pipe\n                     weld while performing a walk down inspection of the plant,\xe2\x80\x9d the PAO was quoted\n                     in a June 7, 2012, Bloomberg News article stating that the leak was below the NRC\n                     threshold for mandatory reporting. Further, it was alleged that the leak at Davis-\n                     Besse was not below NRC\xe2\x80\x99s threshold for mandatory reporting and Region III had\n                     publicly provided an inaccurate statement.\n\n                     Additionally, the congressional concern included a disparity among statements\n                     made by NRC staff, the NRC Region III PAO, and FirstEnergy regarding\n                     cracking in Davis-Besse\xe2\x80\x99s shield building wall that was discovered by the licensee\n                     on October 11, 2011. The PAO and FirstEnergy publicly stated that the cracks\n                     were in an architectural or decorative element of the wall that had no structural\n                     significance; however, NRC staff later stated that the cracking in the shield\n                     building wall was in a structurally significant area of the wall.\n\n                     Investigative Results:\n                     OIG found that the Bloomberg News reporter misquoted the NRC Region III\n                     PAO in the June 7, 2012, news article concerning the need for the licensee to report\n                     to NRC the pressure boundary leak in the Davis-Besse pipe. OIG found that with\n                     the PAO\xe2\x80\x99s assistance, the Bloomberg News editor published another article on\n                     July 25, 2012, that corrected the June 7th article and accurately quoted the PAO in\n                     stating the plant was required to report the leak to the NRC.\n\n                     With regard to the cracking of the shield building wall, OIG found that NRC\xe2\x80\x99s\n                     initial characterization of this incident was based on preliminary information\n\n\n\n30 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cobtained from FirstEnergy. As more information became available to NRC, the\nagency revised its description of the cracking issue, and its later descriptions were\ntherefore different than its earlier descriptions.\n\nOIG also found that NRC inspected the Davis-Besse shield building cracking and\nNRC concluded that the cracking did not affect the ability of the shield building to\nperform its design function.\n\n(Addresses Management and Performance Challenge #1)\n\n\n\nMisuse of Transit Subsidy Benefit Program\nOIG Strategic Goal: Corporate Management\nOIG completed an investigation into allegations that an NRC employee used their\nWashington Metropolitan Area Transit Authority (Metro) Transit Subsidy Benefits\nProgram (TSBP) funds to pay for parking for their privately owned vehicle. An\ninitial review of the employee\xe2\x80\x99s Metro Transit Subsidy SmarTrip transaction\nhistory revealed there were several occasions where the employee paid for parking\nwithout reimbursing the money received from the TSBP.\n\nInvestigative Results:\nOIG reviewed the NRC TSBP application (NRC Form 546) signed by the\nemployee and approved by NRC on May 3, 2011. On the bottom of the NRC\nForm 546 is a certification block each applicant must read and sign. The\ncertification block in part includes the following statement: \xe2\x80\x9cI will use the\nappropriate portion of my eligible monthly benefit for my actual monthly\ncommuting cost by public transportation or eligible van pool.\xe2\x80\x9d The NRC Form\n546 indicated the employee would commute to the NRC using Metrorail from the\nNew Carrollton Station to the White Flint Station, and return, 20 days per month,\ntotaling $204.00 in monthly transit subsidy benefits. Both the NRC Form 546\nand the NRC TSBP questions and answers state that the program benefits do not\ninclude parking.\n\nOIG reviewed the employee\xe2\x80\x99s transit subsidy SmarTrip transaction history for the\nperiod January 2008 through mid-September 2011. The employee commuted by\nboth Metrorail and by her privately owned vehicle during this time. The employee\npaid for parking on approximately 617 separate occasions, totaling $5,216.75.\nThe employee deposited her own funds in the amount of $150.00 onto her\nSmarTrip card. After subtracting personal deposits, the total amount of potential\nTSBP funds misused was $5,066.75. The employee\xe2\x80\x99s service with the NRC was\nterminated in May 2013.\n\n(Addresses Management and Performance Challenge #6)\n\n\n\n                                                                     April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 31\n\x0c                     Logon Credential Harvesting Using Google Spreadsheets\n                     OIG Strategic Goal: Security\n                     OIG completed an investigation into an allegation that an unknown individual(s)\n                     sent a spear phishing e-mail to approximately 215 NRC e-mail accounts containing\n                     a link to harvest NRC network user ID and passwords (credentials). The link in the\n                     e-mail went to a Google Doc spreadsheet asking users to \xe2\x80\x9cvalidate\xe2\x80\x9d their network\n                     credentials. At least 12 NRC users were identified as having clicked on the link and\n                     accessing the Google Doc spreadsheet page.\n\n                     Investigative Results:\n                     OIG investigative activity identified an account created in Malaysia for the sole\n                     purpose of sending the spear phishing emails. Additionally, it was determined 55\n                     non-NRC issued user accounts were associated with other Federal Government\n                     agencies. OIG notified the other Federal Government agencies of the potential\n                     compromise of their users\xe2\x80\x99 accounts.\n\n                     OIG was unable to conclusively identify the person(s) engaging in the spear\n                     phishing activities against the NRC. The investigation identified several suspects\n                     located in different foreign countries who may be participants in a scheme to\n                     fraudulently obtain network logon credentials from a variety of sources, including\n                     the U.S. Government, to send spear phishing e-mail messages. Investigative leads\n                     sent to these other countries resulted in no international law enforcement action\n                     being taken against the targets. As a result, OIG was unable to identify domestic\n                     targets who may be involved in the operation.\n\n                     (Addresses Management and Performance Challenge #5)\n\n\n\n                     NRC Handling of Contractor Award Process for\n                     Region I Contract\n                     OIG Strategic Goal: Corporate Management\n                     OIG completed an investigation initiated by a letter from Congress. The letter\n                     conveyed that a constituent, a former Small Business Administration (SBA) 8(a)\n                     business owner, alleged that NRC inappropriately awarded an SBA 8(a) contract\n                     that the alleger previously held to a different contractor to provide human resources\n                     support to NRC\xe2\x80\x99s Region I office.\n\n                     Investigative Results:\n                     OIG learned that the former contractor, a human resources consulting service\n                     contractor, had a contract with NRC from 2002 until 2012 to perform services\n                     for NRC\xe2\x80\x99s Region I office. The company was a participant in SBA\xe2\x80\x99s 8(a) Business\n\n\n32 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cDevelopment Program, a business assistance program for small disadvantaged\nbusinesses. Under the program, businesses owned and controlled by a \xe2\x80\x9csocially and\neconomically disadvantaged individual\xe2\x80\x9d can receive sole-source contracts up to a\nceiling of $4 million for goods and services. Participation is limited to 9 years and,\nafter that time, neither the business nor the individual is eligible to participate again.\nOIG learned that on October 1, 2012, NRC awarded the NRC Region I contract to\na a different 8(a) company, since the former contractor had graduated from the SBA\n8(a) program and was not eligible to compete for the contractual services.\n\n(Addresses Management and Performance Challenge #7)\n\n\n\nContract Irregularities Associated With Information\nTechnology Contractor\nOIG Strategic Goal: Corporate Management\nOIG completed an investigation into an anonymous allegation that an NRC\ncontractor was not providing IT infrastructure services and support mandated under\nits contract with NRC. According to the allegation, the NRC contractor was not\nproviding printers, supplies, and maintenance that NRC desperately needed and was\ncutting costs by providing inexperienced personnel to work on the contract.\n\nInvestigative Results:\nA review of the NRC contract disclosed that the contract is an indefinite delivery,\nindefinite quantity contract, containing firm-fixed-price and labor hours for IT\ninfrastructure services and support, that was awarded to the contractor for the base\nperiod February 18, 2011, through February 17, 2014, with three option years\nending on February 17, 2017. The contract supports the NRC IT infrastructure\nand provides NRC headquarters, regional offices, resident inspector sites, the NRC\nTechnical Training Center, and mobile NRC users with the vast majority of needed\nIT services, including desktop and laptop computers, servers, office productivity\nsoftware, e-mail, help desk, BlackBerry devices, network file storage, network\nprinters, network management, IT operational security, data backup and recovery,\nand new technology integration.\n\nOIG learned that under the firm-fixed-price and labor hours contract, the\nGovernment has a predetermined, agreed-upon price for a specific type of work,\nincluding labor and price for items. A firm-fixed-price contract is not subject to\nprice adjustment on the basis of the contractor\xe2\x80\x99s cost experience in performing the\ncontract, and it allocates to the contractor the maximum risk and responsibility for\nits performance cost and resulting profit or loss. Consequently, because this is a\nfirm-fixed-price contract, NRC is not concerned about the salary of individuals who\nare supporting the contract as long as the contractor is providing individuals who\ncan fulfill the contract requirements. The actual salary is between an individual\nemployee and the contractor.\n\n                                                                      April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 33\n\x0c                     In addition, regarding the issue of whether the contractor personnel lacked\n                     experience in properly managing the contract, OIG found that early in the contract,\n                     NRC had issues with one of the contractor manager\xe2\x80\x99s level of experience. However,\n                     after this issue was brought to the attention of the contractor, the contractor\n                     replaced the manager and, since then, the contractor has done well in managing the\n                     contract.\n\n                     OIG also found that the NRC contractor has been fulfilling the contract in a timely\n                     manner and that it has always delivered printers within the allotted time and the\n                     proper quantities.\n\n                     (Addresses Management and Performance Challenge #5)\n\n\n\n\n34 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0c  Summary of OIG Accomplishments\n  April 1, 2013, through September 30, 2013\n\n  Investigative Statistics\n  Source of Allegations\n                    NRC Employee                                      36\n\n                 NRC Management                6\n\n         Other Government Agency           3\n\n                     General Public                           22\n\n            OIG Proactive Initiative           6\n                 Regulated Industry        3\n                          Anonymous                      17\n                          Intervenor       3\n                      Congressional    1\n\n                               Media   1\n\n                          Contractor   2\n\n                                               Allegations resulting from Hotline calls: 47\n                                                                               Total: 100\n\n\n\n  Disposition of Allegations\n\n                               Total                                                                      100\n             Closed Administratively                                 40\n\n     Referred for OIG Investigation                           29\n\nReferred to NRC Management and Staff                16\n\n             Pending Review Action             6\n\n         Correlated to Existing Case            8\n\n             Referred to OIG Audit     1\n\n\n\n\n                                                                           April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 35\n\x0c                     Status of Investigations\n                     DOJ Referrals  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 7\n                     DOJ Acceptance  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .1\n                     DOJ Pending .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .2\n                     DOJ Declinations  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .7\n                     Criminal Convictions .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 5\n                     Criminal Penalty Fines  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . $567,989.36\n                     NRC Administrative Actions:\n                     \t     Terminations and Resignations .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .1\n                     \t     Suspensions and Demotions .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 3\t\t\n                     \t     Other (Letter from Chairman) .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .1\n                     State Referrals .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 1\n                     State Declinations .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 1\n                     State Accepted .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 0\n                     PFCRA Referral  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .0\n                     PFCRA Acceptance .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 0\n\n\n\n                     Summary of Investigations\n                     Classification of \t\t          Opened \t Closed \t Cases in\n                     Investigations\t     Carryover\t Cases\t Cases\tProgress\n\n                     Employee Misconduct \t                                                27\t                19\t                17 \t             29\n                     Event Inquiry\t                                                         2\t                 0\t                 0\t               2\n                     External Fraud\t                                                        6\t                 1\t                 1\t               6\n                     False Statements\t                                                      4\t                 0\t                 2 \t              2\n                     Management Misconduct\t                                               12\t                15\t                  7\t             20\n                     Miscellaneous\t                                                         3\t                 1\t                 2\t               2\n                     Proactive Initiatives\t                                               10\t                  3\t                 3\t             10\n                     Technical Allegations\t                                                 5\t                 0\t                 1\t               4\n                     Theft\t                                                                 1\t                 0\t                 1\t               0\n                     Whistleblower Reprisal\t                                                1\t                 0\t                 1\t               0\n                     \t \t Grand Total\t                                                    71\t                 39\t               35\t               75\n\n\n\n\n36 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAudit Listings\nDate          Title                                                  Audit Number\n\n04/01/2013\t   Audit of NRC\xe2\x80\x99s Safeguards Information Local \t\t         OIG-13-A-16\n\t\t            Area Network and Electronic Safe\n\n04/16/2013\t   Audit of NRC\xe2\x80\x99s Travel Charge Card Program\t\t            OIG-13-A-17\n\n05/07/2013\t   Audit of NRC\xe2\x80\x99s Budget Execution Process\t\t              OIG-13-A-18\n\n06/03/2013\t   Audit of NRC\xe2\x80\x99s Information Technology Readiness\t       OIG-13-A-19\n\t\t            for Three White Flint North\n\n08/20/2013\t   Audit of NRC\xe2\x80\x99s Compliance With 10 CFR Part 51 \t        OIG-13-A-20\n\t\t            Relative to Environmental Impact Statements\n\n09/12/2013\t   Audit of NRC\xe2\x80\x99s Implementation of Federal Classified\t   OIG-13-A-21\n\t\t            Information Laws and Policies\n\n09/12/2013\t Audit of NRC\xe2\x80\x99s Ongoing Eligibility for Access\t\t          OIG-13-A-22\n\t\tAuthorization\n\n\n\n\n                                                               April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 37\n\x0c          Contract Audit Reports\n          OIG \t             Contractor/Title/\t                           Questioned\t   Unsupported\n          Issued Date\t      Contract Number\t                             Costs\t        Costs\n          04/15/2013        Dade Moeller & Associates, Inc.              0             0\n                            Independent Evaluation of\n                            Dade Moeller & Associates,\n                            Inc. FY 2013 Provisional\n                            Billing Rates\n                            NRC-HQ-11-C-04-0012\n\n          09/04/2013        Southwest Research Institute                 0             0\n                            Independent Audit of\n                            Southwest Research\n                            Institute\xe2\x80\x99s General Dollar\n                            Magnitude Cost Impact\n                            NRC-02-06-018\n                            NRC-02-06-021\n                            NRC-41-09-011\n                            NRC-03-09-070\n                            NRC-03-10-066\n                            NRC-03-10-070\n                            NRC-03-10-081\n                            NRC-04-10-144\n                            NRC-HQ-11 -C-03-0047\n                            NRC-HQ-11 -C-03-0058\n\n          09/04/2013        Southwest Research Institute                 0             0\n                            Independent Audit of\n                            Southwest Research Institute\xe2\x80\x99s\n                            FY 2011 Pre-Established Fringe\n                            Burden Rate for Provisional\n                            Billing Purposes\n                            NRC-02-06-018\n                            NRC-02-06-021\n                            NRC-41-09-011\n                            NRC-03-09-070\n                            NRC-03-10-066\n                            NRC-03-1 0-070\n                            NRC-03-10-081\n                            NRC-04-10-144\n                            NRC-HQ-11-C-03-0047\n                            NRC-HQ-11-C-03-0058\n\n\n\n\n38 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAudit Resolution Activities\nTABLE I\nOIG Reports Containing Questioned Costs26\n\t                                                                              \t      Questioned\tUnsupported\n\t                                                                          Number of\t   Costs\t      Costs\nReports\t                                                                    Reports\t (Dollars)\t(Dollars)\n\nA. \t For which no management decision\n     had been made by the commencement\n     of the reporting period\t                                                     1\t                     $540,637\t         0\n\nB. \t Which were issued during the reporting\n     period\t                                                                      0\t 0\t0\n\n\t          Subtotal (A + B)\t                                                      0\t 0\t0\t\n\nC. \t For which a management decision was\n     made during the reporting period:\t\n\n\t          (i) dollar value of disallowed costs\t                                  0\t                           0\t          0\t\n\n\t          (ii) dollar value of costs not disallowed\t                             1\t                     $540,637\t         0\t\n\nD. \t For which no management decision had\n     been made by the end of the reporting period\t                                0\t                           0\t          0\n\n\n\n\n26\n     \x07Questioned costs are costs that are questioned by OIG because of an alleged violation of a provision of a law,\n     regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure\n     of funds; a finding that, at the time of the audit, such costs are not supported by adequate documentation; or a\n     finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable.\n\n\n\n                                                                                               April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 39\n\x0c                   TABLE II\n                   OIG Reports Issued with Recommendations\n                   That Funds Be Put to Better Use27\n                   \t                                                                                 Number of\t                Dollar Value\n                   Reports\t                                                                           Reports\t                  of Funds\n\n                   A.\t        For which no management decision\t 0\t 0\n                              had been made by the commencement\n                              of the reporting period\t\t\t\n\n                   B.\t        Which were issued during the \t 0\t                                                                        0\n                              reporting period\t\t\n\n                   C.\t        For which a management decision was\t\n                              made during the reporting period:\t\t\n\n                   \t           (i) \t dollar value of recommendations\t                                       0\t                         0\n                              \t      that were agreed to by management\n\n                   \t           (ii) \t dollar value of recommendations \t                                     0\t                         0\n                               \t      that were not agreed to by management\n\n                   D.\t        For which no management decision had\t                                         0\t                         0\n                              been made by the end of the reporting period\n\n\n\n\n                   27\n                        \x07A \xe2\x80\x9crecommendation that funds be put to better use\xe2\x80\x9d is a recommendation by OIG that funds could be used more\n                        efficiently if NRC management took actions to implement and complete the recommendation, including reductions\n                        in outlays; deobligation of funds from programs or operations; withdrawal of interest subsidy costs on loans or loan\n                        guarantees, insurance, or bonds; costs not incurred by implementing recommended improvements related to the\n                        operations of NRC, a contractor, or a grantee; avoidance of unnecessary expenditures noted in preaward reviews of\n                        contract or grant agreements; or any other savings which are specifically identified.\n\n\n\n\n40 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cTABLE III\nSignificant Recommendations Described in Previous\nSemiannual Reports on Which Corrective Action Has\nNot Been Completed\nDate\t         Report Title\t                                                   Number\n\n05/26/2003\t    Audit of NRC\xe2\x80\x99s Regulatory Oversight of Special \t               OIG-03-A-15\t\t\n\t              Nuclear Materials\n\n Recommendation 1: Conduct periodic inspections\n\t\x07\n to verify that material licensees comply with material\n control and accountability (MC&A) requirements,\n including, but not limited to, visual inspections of\n licensees\xe2\x80\x99 special nuclear material (SNM) inventories\n and validation of reported information.\n\n Recommendation 3: Develop and implement a quality\n\t\x07\n assurance process that ensures that collected enforcement\n data is accurate and complete.\n\n\n\n\n                                                                  April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 41\n\x0c            TABLE IV\n            Summary of Audit Reports Without Management Decision for\n            More Than Six Months\n            Date\t\t Report Title\t                                                           Number\n\n            7/12/2012\t      Audit of NRC\xe2\x80\x99s Inspections, Tests, Analyses, \t                 OIG-12-A-16\t\t\n            \t               and Acceptance Criteria (ITAAC) Process\n\n            \t\x07\x07Summary: OIG made 10 recommendations to the\n               Executive Director for Operations of which one is\n               unresolved.\n\n                            Recommendation 10: Recommended that the Executive\n                            Director for Operations develop and implement a\n                            change management process to address future change in\n                            the ITAAC process that can create barriers to effective\n                            communication and coordination.\n\n                            Reason Unresolved: NRC staff stated agreement with the\n                            recommendation, yet the agency\xe2\x80\x99s actions do not meet the\n                            intent of OIG\xe2\x80\x99s recommendation. According to NRC staff,\n                            the Office of New Reactors (NRO) has incorporated the\n                            principals of change management in the tools and processes\n                            that facilitate and control ITAAC changes. OIG notes that\n                            this is not the same as the development and implementation\n                            of a change management process. NRC staff have recently\n                            stated that agency senior management are evaluating the\n                            implementation of an agency-level management system,\n                            which is expected to include a change management\n                            process. However, the agency has not provided to OIG any\n                            documentation or details that describes how this effort will\n                            be implemented. As a result, this recommendation remains\n                            unresolved. OIG expects to receive an updated response\n                            from NRC by March 7, 2014.\n\n\n\n\n42 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAbbreviations and Acronyms\n3WFN\t\t Three White Flint North\nCFR\t\t Code of Federal Regulations\nDOE\t\t Department of Energy\nEIS\t\t Environmental Impact Statement\nE-Safe\t\t electronic safe\nFAIMIS\t\t Financial Accounting and Integrated Management System\nFISMA\t\t Federal Information Security Management Act\nFY\t\t fiscal year\nIAM\t\t Issue Area Monitor\nIG\t\t Inspector General\nIPEC\t\t Information Technology/Information Management Portfolio Council\nIT\t\t information technology\nITAAC\t\t Inspections, Tests, Analyses, and Acceptance Criteria\nITB\t\t Information Technology/Information Management Board\nLAN\t\t Local Area Network\nMC&A\t\t material control and accountablity\nMD\t\t Management Directive\nMetro\t\t Washinton Metropolitan Area Transit Authority\nNEPA\t\t National Environmental Policy Act of 1969\nNEWFlex\t\t NRC Employee Work Schedule Flexibilities\nNRO\t\t Office of New Reactors (NRC)\nNRC\t\t U.S. Nuclear Regulatory Commission\nOCFO\t\t Office of the Chief Financial Officer\nOIG\t\t Office of the Inspector General (NRC)\nOMB\t\t Office of Management and Budget\nPAO\t\t Public Affairs Officer\nPSB\t\t Personnel Security Branch (NRC)\nROD \t\t Record of Decision\nSBA\t\t Small Business Administration\nSGI\t\t Safeguards Information\nSLES\t\t Safeguards Information Local Area Network System\nSNM\t\t special nuclear material\nTSBP\t\t Transit Subsidy Benefits Program\n\n\n\n\n                                                         April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 43\n\x0cReporting Requirements\n                     The Inspector General Act of 1978, as amended (1988), specifies reporting requirements\n                     for semiannual reports. This index cross-references those requirements to the applicable\n                     pages where they are fulfilled in this report.\n\n                     \t\n                     Citation\t           Reporting Requirements\t                                        Page\n\n                     Section 4(a)(2) \t Review of Legislation and Regulations\t                               6\n\n                     Section 5(a)(1) \t Significant Problems, Abuses, and Deficiencies\t           9-21, 29-34\n\n                     Section 5(a)(2) \t Recommendations for Corrective Action\t                            9-21\n\n                     Section 5(a)(3) \t Prior Significant Recommendations Not Yet Completed\t                41\n\n                     Section 5(a)(4) \t Matters Referred to Prosecutive Authorities\t                        36\n\n                     Section 5(a)(5) \t Information or Assistance Refused\t                              None\n\n                     Section 5(a)(6) \t Listing of Audit Reports\t                                           37\n\n                     Section 5(a)(7) \t Summary of Significant Reports\t                           9-21, 29-34\n\n                     Section 5(a)(8) \t Audit Reports \xe2\x80\x94 Questioned Costs\t                                   39\n\n                     Section 5(a)(9) \t Audit Reports \xe2\x80\x94 Funds Put to Better Use\t                            40\n\n                     Section 5(a)(10)\t Audit Reports Issued Before Commencement of \t                       42\n                     \t                 the Reporting Period for Which No Management\n                     \t                 Decision Has Been Made\t\n\n                     Section 5(a)(11) \t Significant Revised Management Decisions\t                      None\n\n                     Section 5(a)(12) \t Significant Management Decisions With Which\t                   None\n                     \t                  the OIG Disagreed\t\n\n                     Section 989C.\t      Peer Review Information\t                                          45\n\n\n\n\n44 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cAppendix\nPeer Review Information\nThe OIG Audit and Investigative Programs undergo a peer review every 3 years.\n\nInvestigations\nThe NRC OIG Investigative program was peer reviewed most recently by the\nCorporation for National and Community Service Office of Inspector General.\nThe peer review final report, dated September 16, 2013, reflected that the NRC\nOIG is in compliance with the quality standards established by the Council of\nthe Inspectors General on Integrity and Efficiency and the Attorney General\nGuidelines for Offices of Inspectors General with Statutory Law Enforcement\nAuthority.\n\nAudits\nThe NRC OIG Audit Program was peer reviewed most recently by the\nNational Archives and Records Administration Office of Inspector General on\nSeptember 27, 2012.\n\n\n\n\n                                                                 April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 45\n\x0c                                                                         Control panel at a nuclear power plant.\n\n46 \xe2\x80\x94 NRC Office of the Inspector General Semiannual Report to Congress\n\x0cConstruction progress at V.C. Summer Unit 3. Photo courtesy of   David Failla.\n\n\n\n                       April 1, 2013\xe2\x80\x93September 30, 2013 \xe2\x80\x94 47\n\x0c\x0cOIG VISION                                                           OIG STRATEGIC GOALS\n\xe2\x80\x9cWe are agents of positive change striving for continuous            1. S\n                                                                        \x07 trengthen NRC\xe2\x80\x99s efforts to protect public health and safety\nimprovement in our agency\xe2\x80\x99s management and program operations.\xe2\x80\x9d         and the environment.\n                                                                     2. E\x07 nhance NRC\xe2\x80\x99s efforts to increase security in response to an\n                                                                        evolving threat environment.\nOIG MISSION\n                                                                     3. I\x07 ncrease the economy, efficiency, and effectiveness with\nNRC OIG\xe2\x80\x99s mission is to (1) independently and objectively conduct       which NRC manages and exercises stewardship over its\nand supervise audits and investigations relating to NRC\xe2\x80\x99s programs      resources.\nand operations; (2) prevent and detect fraud, waste, and abuse;\nand (3) promote economy, efficiency, and effectiveness in NRC\xe2\x80\x99s\nprograms and operations.\n\n\n\n\nCover Photo:\n\nMcGuire Nuclear Station.\nPhoto coutesy of Duke Energy, LLC\n\x0cThe NRC OIG Hotline\nThe Hotline Program provides NRC employees, other Government employees, licensee/utility\nemployees, contractors, and the public with a confidential means of reporting suspicious\nactivity concerning fraud, waste, abuse, and employee or management misconduct.\nMismanagement of agency programs or danger to public health and safety may also be\nreported. We do not attempt to identify persons contacting the Hotline.                     Office of the Inspector General\nWhat should be reported:\n\xe2\x80\xa2 Contract and Procurement Irregularities    \xe2\x80\xa2 Abuse of Authority\n                                                                                            Semiannual Report\n\xe2\x80\xa2 Conflicts of Interest\n\xe2\x80\xa2 Theft and Misuse of Property\n\xe2\x80\xa2 Travel Fraud\n                                             \xe2\x80\xa2 Misuse of Government Credit Card\n                                             \xe2\x80\xa2 Time and Attendance Abuse\n                                             \xe2\x80\xa2 Misuse of Information Technology Resources\n                                                                                            to Congress\n\xe2\x80\xa2 Misconduct                                 \xe2\x80\xa2 Program Mismanagement                        April 1, 2013\xe2\x80\x93September 30, 2013\n\nWays To Contact the OIG\n                               Call:\n                               OIG Hotline\n                               1-800-233-3497\n                               TDD: 1-800-270-2787\n                               7:00 a.m. \xe2\x80\x93 4:00 p.m. (EST)\n                               After hours, please leave a message.\n\n\n                               Submit:\n                               Online Form\n                               www.nrc.gov\n                               Click on Inspector General\n                               Click on OIG Hotline\n\n\n\n                               Write:\n                               U.S. Nuclear Regulatory Commission\n                               Office of the Inspector General\n                               Hotline Program, MS O5 E13\n                               11555 Rockville Pike\n                               Rockville, MD 20852-2738\n\n\nNUREG-1415, Vol. 27, No. 1\nOctober 2013\n\x0c'